[Git][java-team/libxstream-java][upstream] New upstream version 1.4.11.1
Markus Koschany
gitlab at salsa.debian.org
Sat Nov 10 23:08:21 GMT 2018
Markus Koschany pushed to branch upstream at Debian Java Maintainers / libxstream-java
Commits:
a6a98eb4 by Markus Koschany at 2018-11-10T23:04:28Z
New upstream version 1.4.11.1
- - - - -
11 changed files:
- pom.xml
- xstream-benchmark/pom.xml
- xstream-distribution/pom.xml
- xstream-distribution/src/content/changes.html
- xstream-distribution/src/content/download.html
- xstream-distribution/src/content/faq.html
- xstream-distribution/src/content/index.html
- xstream-hibernate/pom.xml
- xstream-jmh/pom.xml
- xstream/pom.xml
- xstream/src/java/com/thoughtworks/xstream/core/JVM.java
Changes:
=====================================
pom.xml
=====================================
@@ -14,7 +14,7 @@
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-parent</artifactId>
<packaging>pom</packaging>
- <version>1.4.11</version>
+ <version>1.4.11.1</version>
<name>XStream Parent</name>
<url>http://x-stream.github.io</url>
<description>
@@ -321,12 +321,12 @@
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId>
- <version>1.4.11</version>
+ <version>1.4.11.1</version>
</dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId>
- <version>1.4.11</version>
+ <version>1.4.11.1</version>
<classifier>tests</classifier>
<type>test-jar</type>
<scope>test</scope>
@@ -334,43 +334,43 @@
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId>
- <version>1.4.11</version>
+ <version>1.4.11.1</version>
<classifier>javadoc</classifier>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-hibernate</artifactId>
- <version>1.4.11</version>
+ <version>1.4.11.1</version>
</dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-hibernate</artifactId>
- <version>1.4.11</version>
+ <version>1.4.11.1</version>
<classifier>javadoc</classifier>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-jmh</artifactId>
- <version>1.4.11</version>
+ <version>1.4.11.1</version>
</dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-jmh</artifactId>
- <version>1.4.11</version>
+ <version>1.4.11.1</version>
<classifier>javadoc</classifier>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-benchmark</artifactId>
- <version>1.4.11</version>
+ <version>1.4.11.1</version>
</dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-benchmark</artifactId>
- <version>1.4.11</version>
+ <version>1.4.11.1</version>
<classifier>javadoc</classifier>
<scope>provided</scope>
</dependency>
@@ -921,11 +921,11 @@
<distributionManagement>
<repository>
<id>ossrh-staging</id>
- <url>http://oss.sonatype.org/service/local/staging/deploy/maven2</url>
+ <url>https://oss.sonatype.org/service/local/staging/deploy/maven2</url>
</repository>
<snapshotRepository>
<id>ossrh-snapshots</id>
- <url>http://oss.sonatype.org/content/repositories/snapshots</url>
+ <url>https://oss.sonatype.org/content/repositories/snapshots</url>
</snapshotRepository>
<!--site>
<id>github</id>
=====================================
xstream-benchmark/pom.xml
=====================================
@@ -14,7 +14,7 @@
<parent>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-parent</artifactId>
- <version>1.4.11</version>
+ <version>1.4.11.1</version>
</parent>
<artifactId>xstream-benchmark</artifactId>
<packaging>jar</packaging>
=====================================
xstream-distribution/pom.xml
=====================================
@@ -14,7 +14,7 @@
<parent>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-parent</artifactId>
- <version>1.4.11</version>
+ <version>1.4.11.1</version>
</parent>
<artifactId>xstream-distribution</artifactId>
<packaging>pom</packaging>
=====================================
xstream-distribution/src/content/changes.html
=====================================
@@ -33,6 +33,15 @@
<p>Not yet released.</p>
-->
+ <h1 id="1.4.11.1">1.4.11.1</h1>
+
+ <p>Released October 27, 2018.</p>
+
+ <h2>Hot fix</h2>
+
+ <ul>
+ <li>GHI:#133: XStream 1.4.11 fails to run on a Java Runtime < 8.</li>
+ </ul>
<h1 id="1.4.11">1.4.11</h1>
@@ -46,7 +55,7 @@
<ul>
<li>GHPR:#91, GHPR:#106: Clean-up data stacks in UnmarshallingContext implementations in case of exception (by
- Määrt Bakhoff).</li>
+ Märt Bakhoff).</li>
<li>GHI:#2: Unneeded contention in DefaultConverterLookup.</li>
<li>GHI:#94: Fix PathConverter containing absolute Windows paths.</li>
<li>GHI:#105: XStream's ObjectInputStream returns wrong values for readUnsignedByte and readUnsignedShort.</li>
=====================================
xstream-distribution/src/content/download.html
=====================================
@@ -18,21 +18,21 @@
<p><a href="versioning.html">About XStream version numbers...</a></p>
- <h1 id="stable">Stable Version: <span class="version">1.4.11</span></h1>
+ <h1 id="stable">Stable Version: <span class="version">1.4.11.1</span></h1>
<ul>
- <li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-distribution/1.4.11/xstream-distribution-1.4.11-bin.zip">Binary distribution:</a></b>
+ <li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-distribution/1.4.11.1/xstream-distribution-1.4.11.1-bin.zip">Binary distribution:</a></b>
Contains the XStream jar files, the Hibernate and Benchmark modules and all the dependencies.</li>
- <li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-distribution/1.4.11/xstream-distribution-1.4.11-src.zip">Source distribution:</a></b>
+ <li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-distribution/1.4.11.1/xstream-distribution-1.4.11.1-src.zip">Source distribution:</a></b>
Contains the complete XStream project as if checked out from the Subversion version tag.</li>
- <li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream/1.4.11/xstream-1.4.11.jar">XStream Core only:</a>
+ <li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream/1.4.11.1/xstream-1.4.11.1.jar">XStream Core only:</a>
The xstream.jar only as it is downloaded automatically when it is referenced as Maven dependency.</b></li>
- <li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-hibernate/1.4.11/xstream-hibernate-1.4.11.jar">XStream Hibernate module:</a></b>
+ <li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-hibernate/1.4.11.1/xstream-hibernate-1.4.11.1.jar">XStream Hibernate module:</a></b>
The xstream-hibernate.jar as it is downloaded automatically when it is referenced as Maven dependency.</li>
- <li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-jmh/1.4.11/xstream-jmh-1.4.11-app.zip">XStream JMH module:</a></b>
+ <li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-jmh/1.4.11.1/xstream-jmh-1.4.11.1-app.zip">XStream JMH module:</a></b>
The xstream-jmh-app.zip as standalone application with start scripts and all required libraries.</li>
<li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream/1.4.11-java7/xstream-1.4.11-java7.jar">XStream Core for Java 7 only:</a>
- The xstream.jar only without the Java 8 stuff as it is downloaded automatically when it is referenced as Maven dependency.</b></li>
+ The xstream.jar only <a href="faq.html#Compatibility_Android">without the Java 8 stuff</a> as it is downloaded automatically when it is referenced as Maven dependency.</b></li>
</ul>
<h1 id="previous-releases">Previous Releases</h1>
=====================================
xstream-distribution/src/content/faq.html
=====================================
@@ -35,12 +35,17 @@
<p>XStream 1.4.x requires Java 1.4 or later. Note, that the XStream libraries contains class files targeting
different Java runtime versions or Java features. These classes are loaded by reflection and only used if XStream
is running on an appropriate runtime environment.</p>
+ <p>Environments that load all class files of a Java archive can fail with this approach, the
+ <a href="#Compatibility_Android">Android runtime</a> is such an example. You can build your own version of XStream
+ with a <a href="#Compatibility_JDK">lower JDK</a> then.</p>
+ <p>For Java 9 and later you will currently have to permit the now illegal access for XStream to operate.</p>
<!-- ...................................................... -->
<h2 id="Compatibility_JDK">Which JDK is required to build XStream?</h2>
<p>XStream 1.4.x can be build still with JDK 1.4 (see BUILD.txt). However, to support the latest features it
- requires currently a JDK of Java 8. Otherwise the resulting jar files will miss some classes not available on
+ requires currently a JDK of Java 8. Otherwise the resulting jar file will miss some class files not available on
earlier runtimes. Depending on the target environment this can be useful (e.g. for Android or GAE).</p>
+ <p>Note, that such Java archives will fail on higher Java runtimes then.</p>
<!-- ...................................................... -->
<h2 id="Compatibility_Dependencies">Which dependencies are required to run XStream?</h2>
@@ -48,6 +53,7 @@
However it depends on the use case. XStream will run without dependencies using the DOM driver on all Java runtimes
or the StAX driver in combination with Java 6 or greater. See the list of <a
href="download.html#optional-deps">optional dependencies</a>.</p>
+ <p>Note, that XStream's manifest contains OSGi entries that declare all dependencies as optional.</p>
<!-- ...................................................... -->
<h2 id="Compatibility_JVMs">Does XStream behave differently across different JVMs?</h2>
@@ -66,6 +72,7 @@
starting with R25.1.0. Generally it works for all modern Java runtimes based on OpenJDK. Android basically supports
the enhanced mode as well as the Google Application Engine, but the latter's security model limits the types that
can be handled. Note, that an active SecurityManager might prevent the usage of the enhanced mode also.</p>
+ <p>Since Java 9 it is required to permit the now illegal access.</p>
<!-- ...................................................... -->
<h2 id="Compatibility_enhanced_mode_advantage">What are the advantages of using enhanced mode over pure Java mode?</h2>
@@ -86,9 +93,26 @@
<tr><td>Private fields</td><td>Yes</td><td>Yes</td></tr>
<tr><td>Final fields</td><td>Yes >= JDK 1.5</td><td>Yes</td></tr>
</table>
+
+ <!-- ...................................................... -->
+ <h2 id="Compatibility_illegal_reflective_access">Java runtime warns me about an illegal reflective access by XStream!</h2>
+
+ <p>Yes, this is normal. A big part of XStream is reflection based and there is currently no replacement for the
+ complete required functionality. You will have to permit this access currently, otherwise XStream will not work.</p>
+
+ <!-- ...................................................... -->
+ <h2 id="Compatibility_no_module">Why does XStream not even declare an automated module name?</h2>
+
+ <p>Such a declaration would move XStream automatically into the module class path. However, in this environment a
+ lot of functionality does no longer work. Therefore it is on purpose that XStream stays currently in the unnamed
+ module.</p>
+
+ <!-- ...................................................... -->
+ <h2 id="Compatibility_JPMS">Will XStream support the Java Platform Module System (JPMS)?</h2>
- <p>Note, that these undocumented features are still available with Java 9, since there is currently no public
- functionality provided as replacement.</p>
+ <p>At some point definitely. However, you will have to accept a limited functionality only, comparable to the pure
+ Java mode. The access model is very restrictive and XStream will no longer be able to marshal all types of the Java
+ runtime like now.</p>
<!-- ...................................................... -->
<h2 id="Compatibility_XPP">Why is my application not able to create a XmlPullParser with the XppDriver since XStream 1.4?</h2>
@@ -115,7 +139,8 @@
that is equivalent to the Java level supported by the target version of Android.</p>
<p>Since XStream 1.4.10 an additional artifact is deployed to the Central Maven Repository with <em>-java7</em>
- appended to the version that explicitly does not contain any Java 8 related stuff.</p>
+ appended to the version that explicitly does not contain any Java 8 related stuff. Note that this version will fail
+ on higher runtimes.</p>
<!-- ...................................................... -->
<h2 id="Compatibility_GAE">Which limits exists for XStream in Google's Application Engine (GAE)?</h2>
=====================================
xstream-distribution/src/content/index.html
=====================================
@@ -73,7 +73,9 @@
<h1 id="news">Latest News</h1>
- <h2 id="1.4.11"><b>October 23, 2018</b> XStream 1.4.11 released</h2>
+ <h2 id="1.4.11.1"><b>October 27, 2018</b> XStream 1.4.11.1 released</h2>
+
+ <p class="highlight">Hot fix for XStream 1.4.11: Accidental breakage of Java runtimes %lt; 8.</p>
<p class="highlight">This maintenance release addresses again the security vulnerability <a href="CVE-2013-7285.html">
CVE-2013-7285</a>, an arbitrary execution of commands when unmarshalling for XStream instances with
=====================================
xstream-hibernate/pom.xml
=====================================
@@ -13,7 +13,7 @@
<parent>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-parent</artifactId>
- <version>1.4.11</version>
+ <version>1.4.11.1</version>
</parent>
<artifactId>xstream-hibernate</artifactId>
<packaging>jar</packaging>
=====================================
xstream-jmh/pom.xml
=====================================
@@ -13,7 +13,7 @@
<parent>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-parent</artifactId>
- <version>1.4.11</version>
+ <version>1.4.11.1</version>
</parent>
<artifactId>xstream-jmh</artifactId>
<packaging>jar</packaging>
=====================================
xstream/pom.xml
=====================================
@@ -14,7 +14,7 @@
<parent>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-parent</artifactId>
- <version>1.4.11</version>
+ <version>1.4.11.1</version>
</parent>
<artifactId>xstream</artifactId>
<packaging>jar</packaging>
=====================================
xstream/src/java/com/thoughtworks/xstream/core/JVM.java
=====================================
@@ -186,6 +186,7 @@ public class JVM implements Caching {
try {
base64 = (StringCodec)base64Class.newInstance();
} catch (final Exception e) {
+ } catch (final Error e) {
}
}
if (base64 == null) {
View it on GitLab: https://salsa.debian.org/java-team/libxstream-java/commit/a6a98eb49725b56d0b0c1b28654ecb9ee2fcad06
--
View it on GitLab: https://salsa.debian.org/java-team/libxstream-java/commit/a6a98eb49725b56d0b0c1b28654ecb9ee2fcad06
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20181110/b7fb6b13/attachment.html>
More information about the pkg-java-commits
mailing list