Skip to content

Commit

Permalink
Prepare documentation for release 1.4.21.
Browse files Browse the repository at this point in the history
  • Loading branch information
joehni committed Nov 7, 2024
1 parent 43e7156 commit ab4a172
Show file tree
Hide file tree
Showing 4 changed files with 44 additions and 17 deletions.
10 changes: 10 additions & 0 deletions xstream-distribution/src/content/changes.html
Original file line number Diff line number Diff line change
Expand Up @@ -104,9 +104,19 @@ <h2>Stream compatibility</h2>
<li>No support for Hibernate 3 collections.</li>
</ul>

<!--
<h1 id="upcoming-1.4.x">Upcoming 1.4.x maintenance release</h1>
<p>Not yet released.</p>
-->

<h1 id="1.4.21">1.4.21</h1>

<p>Released November 7, 2024.</p>

<p class="highlight">This maintenance release addresses the security vulnerability
<a href="CVE-2024-47072.html">CVE-2024-47072</a>, when using the BinaryDriver to unmarshal a manipulated input
stream causing a Denial of Service due to a stack overflow.</p>

<h2>Major changes</h2>

Expand Down
19 changes: 9 additions & 10 deletions xstream-distribution/src/content/download.html
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
<html>
<!--
Copyright (C) 2005, 2006 Joe Walnes.
Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022 XStream committers.
Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2024 XStream committers.
All rights reserved.
The software in this package is published under the terms of the BSD
Expand All @@ -18,18 +18,18 @@

<p><a href="versioning.html">About XStream version numbers...</a></p>

<h1 id="stable">Stable Version: <span class="version">1.4.20</span></h1>
<h1 id="stable">Stable Version: <span class="version">1.4.21</span></h1>

<ul>
<li><b><a href="https://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-distribution/1.4.20/xstream-distribution-1.4.20-bin.zip">Binary distribution:</a></b>
<li><b><a href="https://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-distribution/1.4.21/xstream-distribution-1.4.21-bin.zip">Binary distribution:</a></b>
Contains the XStream jar files, the Hibernate and Benchmark modules and all the dependencies.</li>
<li><b><a href="https://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-distribution/1.4.20/xstream-distribution-1.4.20-src.zip">Source distribution:</a></b>
<li><b><a href="https://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-distribution/1.4.21/xstream-distribution-1.4.21-src.zip">Source distribution:</a></b>
Contains the complete XStream project as if checked out from the Subversion version tag.</li>
<li><b><a href="https://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream/1.4.20/xstream-1.4.20.jar">XStream Core only:</a>
<li><b><a href="https://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream/1.4.21/xstream-1.4.21.jar">XStream Core only:</a>
The xstream.jar only as it is downloaded automatically when it is referenced as Maven dependency.</b></li>
<li><b><a href="https://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-hibernate/1.4.20/xstream-hibernate-1.4.20.jar">XStream Hibernate module:</a></b>
<li><b><a href="https://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-hibernate/1.4.21/xstream-hibernate-1.4.21.jar">XStream Hibernate module:</a></b>
The xstream-hibernate.jar as it is downloaded automatically when it is referenced as Maven dependency.</li>
<li><b><a href="https://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-jmh/1.4.20/xstream-jmh-1.4.20-app.zip">XStream JMH module:</a></b>
<li><b><a href="https://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-jmh/1.4.21/xstream-jmh-1.4.21-app.zip">XStream JMH module:</a></b>
The xstream-jmh-app.zip as standalone application with start scripts and all required libraries.</li>
</ul>

Expand All @@ -41,7 +41,7 @@ <h1 id="maven">Maven Central Repository</h1>
<div class="Source XML"><pre>&lt;dependency&gt;
&lt;groupId&gt;com.thoughtworks.xstream&lt;/groupId&gt;
&lt;artifactId&gt;xstream&lt;/artifactId&gt;
&lt;version&gt;1.4.20&lt;/version&gt;
&lt;version&gt;1.4.21&lt;/version&gt;
&lt;/dependency&gt;</pre></div>

<h1 id="previous-releases">Previous Releases</h1>
Expand Down Expand Up @@ -82,9 +82,8 @@ <h1 id="optional-deps">Optional Dependencies</h1>
<li>Other optional 3rd party dependencies:
<ul>
<li><a href="https://repo1.maven.org/maven2/javax/activation/jaxax.activation-api/1.2.0/jaxax.activation-api-1.2.0.jar">Java Activation module</a> for the ActivationDataFlavorConverter. The dependency is required for the Java 11 runtime.</li>
<li><a href="https://github.com/JodaOrg/joda-time/releases/download/v2.10.1/joda-time-2.10.1-dist.zip">Joda Time</a> for optional ISO8601 date/time converters in JDK 1.7 or below.</li>
<li><a href="http://downloads.sourceforge.net/cglib/cglib-nodep-2.2.jar">CGLIB</a> for optional support of some proxies generated with the CGLIB Enhancer.</li>
<li><a href="https://repo1.maven.org/maven2/org/codehaus/jettison/jettison/1.4.1/jettison-1.4.1.jar">Jettison</a> for serialization and deserialization support with JSON. Note, except Jettison 1.2 no lower version is compatible.</li>
<li><a href="https://repo1.maven.org/maven2/org/codehaus/jettison/jettison/1.5.4/jettison-1.5.4.jar">Jettison 1.5.4</a> for serialization and deserialization support with JSON. Note, that some versions from 1.3.x and up are not compatible with XStream.</li>
</ul>
</li>
</ul>
Expand Down
14 changes: 9 additions & 5 deletions xstream-distribution/src/content/index.html
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
<html>
<!--
Copyright (C) 2005, 2006 Joe Walnes.
Copyright (C) 2006, 2007, 2008, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2020, 2021, 2022 XStream committers.
Copyright (C) 2006, 2007, 2008, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2020, 2021, 2022, 2024 XStream committers.
All rights reserved.
The software in this package is published under the terms of the BSD
Expand Down Expand Up @@ -73,11 +73,15 @@ <h1 id="getting-started">Getting Started</h1>

<h1 id="news">Latest News</h1>

<h2 id="1.4.20"><b>December 24, 2022</b> XStream 1.4.20 released</h2>
<h2 id="release"><b>November 7, 2024</b> XStream 1.4.21 released</h2>

<p class="highlight">This maintenance release addresses the security vulnerabilities
<a href="CVE-2022-40151.html">CVE-2022-40151</a> and <a href="CVE-2022-41966.html">CVE-2022-41966</a>, causing a
Denial of Service by raising a stack overflow. It also provides new converters for Optional and Atomic types.</p>
<p class="highlight">This maintenance release addresses the security vulnerability
<a href="CVE-2024-47072.html">CVE-2024-47072</a>, when using the BinaryDriver to unmarshal a manipulated input
stream causing a Denial of Service due to a stack overflow.</p>

<p>A new converter fir the WeakHashMap avoids the access to the ReentrantLock introduced with Java 19.</p>

<p>The release contains an optimization for the memory consumption.</p>

<p>View the complete <a href="changes.html">change log</a> and <a href="download.html">download</a>.</p>

Expand Down
18 changes: 16 additions & 2 deletions xstream-distribution/src/content/news.html
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
<html>
<!--
Copyright (C) 2005, 2006 Joe Walnes.
Copyright (C) 2006, 2007, 2008, 2009, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2020, 2021, 2022 XStream committers.
Copyright (C) 2006, 2007, 2008, 2009, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2020, 2021, 2022, 2024 XStream committers.
All rights reserved.
The software in this package is published under the terms of the BSD
Expand All @@ -16,7 +16,21 @@

<body>

<h2 id="1.4.20"><b>December 24, 2022</b> XStream 1.4.20 released</h2>
<h2 id="1.4.20"><b>November 7, 2024</b> XStream 1.4.21 released</h2>

<p class="highlight">This maintenance release addresses the security vulnerability
<a href="CVE-2024-47072.html">CVE-2024-47072</a>, when using the BinaryDriver to unmarshal a manipulated input
stream causing a Denial of Service due to a stack overflow.</p>

<p>A new converter fir the WeakHashMap avoids the access to the ReentrantLock introduced with Java 19.</p>

<p>The release contains an optimization for the memory consumption.</p>

<p>View the complete <a href="changes.html">change log</a> and <a href="download.html">download</a>.</p>

<p>Note, the next major release 1.5 will require Java 11.</p>

<h2 id="1.4.20"><b>December 24, 2022</b> XStream 1.4.20 released</h2>

<p class="highlight">This maintenance release addresses the security vulnerabilities
<a href="CVE-2022-40151.html">CVE-2022-40151</a> and <a href="CVE-2022-41966.html">CVE-2022-41966</a>, causing a
Expand Down

0 comments on commit ab4a172

Please sign in to comment.