|
|
Author: jleroux
Revision: 1850015
Modified property: svn:log
Modified: svn:log at Fri Sep 13 07:20:23 2019
------------------------------------------------------------------------------
--- svn:log (original)
+++ svn:log Fri Sep 13 07:20:23 2019
@@ -1,6 +1,8 @@
Improved: Prepare the migration to XStream 1.5
(OFBIZ-10756)
+Fixes CVE-2018-17200
+
We currently use the UnsupportedClassConverter method in UtilXml class.
When the 1.5 version of XStream will be available another way to handle this
kind of things will be available and used by default. It's already possible to
|
Locked
