Upgrade XStream to 1.4.21 (openhab#4457)

* Upgrade XStream from 1.4.20 to 1.4.21, fixes CVE-2024-47072. See changelog at https://x-stream.github.io/changes.html#1.4.21 Signed-off-by: Holger Friedrich <[email protected]>
andrewfg · Nov 18, 2024 · 660102e · 660102e
1 parent d7495d2
commit 660102e
Show file tree

Hide file tree

Showing 25 changed files with 25 additions and 25 deletions.
diff --git a/bom/compile/pom.xml b/bom/compile/pom.xml
@@ -357,7 +357,7 @@
     <dependency>
       <groupId>com.thoughtworks.xstream</groupId>
       <artifactId>xstream</artifactId>
-      <version>1.4.20</version>
+      <version>1.4.21</version>
       <scope>compile</scope>
     </dependency>
 

diff --git a/bom/runtime/pom.xml b/bom/runtime/pom.xml
@@ -544,7 +544,7 @@
     <dependency>
       <groupId>com.thoughtworks.xstream</groupId>
       <artifactId>xstream</artifactId>
-      <version>1.4.20</version>
+      <version>1.4.21</version>
       <scope>compile</scope>
     </dependency>
 

diff --git a/features/karaf/openhab-tp/src/main/feature/feature.xml b/features/karaf/openhab-tp/src/main/feature/feature.xml
@@ -37,7 +37,7 @@
 		<bundle dependency="true">mvn:org.osgi/org.osgi.service.component.annotations/1.5.1</bundle>
 
 		<!-- TODO: Unbundled libraries -->
-		<bundle dependency="true">mvn:com.thoughtworks.xstream/xstream/1.4.20</bundle>
+		<bundle dependency="true">mvn:com.thoughtworks.xstream/xstream/1.4.21</bundle>
 	</feature>
 
 	<feature name="openhab.tp-coap" description="Californium CoAP library" version="${project.version}">

diff --git a/itests/org.openhab.core.addon.tests/itest.bndrun b/itests/org.openhab.core.addon.tests/itest.bndrun
@@ -26,7 +26,7 @@ Fragment-Host: org.openhab.core.addon
 	org.apache.felix.configadmin;version='[1.9.26,1.9.27)',\
 	org.apache.felix.http.servlet-api;version='[1.2.0,1.2.1)',\
 	org.osgi.service.component;version='[1.5.1,1.5.2)',\
-	xstream;version='[1.4.20,1.4.21)',\
+	xstream;version='[1.4.21,1.4.22)',\
 	org.openhab.base-fixes;version='[1.0.0,1.0.1)',\
 	javax.measure.unit-api;version='[2.2.0,2.2.1)',\
 	org.apiguardian.api;version='[1.1.2,1.1.3)',\

diff --git a/itests/org.openhab.core.auth.oauth2client.tests/itest.bndrun b/itests/org.openhab.core.auth.oauth2client.tests/itest.bndrun
@@ -47,7 +47,7 @@ Fragment-Host: org.openhab.core.auth.oauth2client
 	org.opentest4j;version='[1.3.0,1.3.1)',\
 	ch.qos.logback.classic;version='[1.3.14,1.3.15)',\
 	ch.qos.logback.core;version='[1.3.14,1.3.15)',\
-	xstream;version='[1.4.20,1.4.21)',\
+	xstream;version='[1.4.21,1.4.22)',\
 	com.sun.jna;version='[5.14.0,5.14.1)',\
 	org.apache.aries.spifly.dynamic.bundle;version='[1.3.7,1.3.8)',\
 	org.eclipse.jetty.alpn.client;version='[9.4.54,9.4.55)',\

diff --git a/itests/org.openhab.core.automation.integration.tests/itest.bndrun b/itests/org.openhab.core.automation.integration.tests/itest.bndrun
@@ -22,7 +22,7 @@ Fragment-Host: org.openhab.core.automation
 	org.apache.felix.configadmin;version='[1.9.26,1.9.27)',\
 	org.apache.felix.http.servlet-api;version='[1.2.0,1.2.1)',\
 	org.osgi.service.component;version='[1.5.1,1.5.2)',\
-	xstream;version='[1.4.20,1.4.21)',\
+	xstream;version='[1.4.21,1.4.22)',\
 	net.bytebuddy.byte-buddy;version='[1.12.19,1.12.20)',\
 	net.bytebuddy.byte-buddy-agent;version='[1.12.19,1.12.20)',\
 	org.mockito.mockito-core;version='[4.11.0,4.11.1)',\

diff --git a/itests/org.openhab.core.automation.module.core.tests/itest.bndrun b/itests/org.openhab.core.automation.module.core.tests/itest.bndrun
@@ -22,7 +22,7 @@ Fragment-Host: org.openhab.core.automation
 	org.apache.felix.configadmin;version='[1.9.26,1.9.27)',\
 	org.apache.felix.http.servlet-api;version='[1.2.0,1.2.1)',\
 	org.osgi.service.component;version='[1.5.1,1.5.2)',\
-	xstream;version='[1.4.20,1.4.21)',\
+	xstream;version='[1.4.21,1.4.22)',\
 	net.bytebuddy.byte-buddy;version='[1.12.19,1.12.20)',\
 	net.bytebuddy.byte-buddy-agent;version='[1.12.19,1.12.20)',\
 	org.mockito.mockito-core;version='[4.11.0,4.11.1)',\

diff --git a/itests/org.openhab.core.automation.module.script.tests/itest.bndrun b/itests/org.openhab.core.automation.module.script.tests/itest.bndrun
@@ -22,7 +22,7 @@ Fragment-Host: org.openhab.core.automation.module.script
 	org.apache.felix.configadmin;version='[1.9.26,1.9.27)',\
 	org.apache.felix.http.servlet-api;version='[1.2.0,1.2.1)',\
 	org.osgi.service.component;version='[1.5.1,1.5.2)',\
-	xstream;version='[1.4.20,1.4.21)',\
+	xstream;version='[1.4.21,1.4.22)',\
 	org.openhab.base-fixes;version='[1.0.0,1.0.1)',\
 	javax.measure.unit-api;version='[2.2.0,2.2.1)',\
 	org.apiguardian.api;version='[1.1.2,1.1.3)',\

diff --git a/itests/org.openhab.core.automation.module.timer.tests/itest.bndrun b/itests/org.openhab.core.automation.module.timer.tests/itest.bndrun
@@ -22,7 +22,7 @@ Fragment-Host: org.openhab.core.automation
 	org.apache.felix.configadmin;version='[1.9.26,1.9.27)',\
 	org.apache.felix.http.servlet-api;version='[1.2.0,1.2.1)',\
 	org.osgi.service.component;version='[1.5.1,1.5.2)',\
-	xstream;version='[1.4.20,1.4.21)',\
+	xstream;version='[1.4.21,1.4.22)',\
 	net.bytebuddy.byte-buddy;version='[1.12.19,1.12.20)',\
 	net.bytebuddy.byte-buddy-agent;version='[1.12.19,1.12.20)',\
 	org.mockito.mockito-core;version='[4.11.0,4.11.1)',\

diff --git a/itests/org.openhab.core.automation.tests/itest.bndrun b/itests/org.openhab.core.automation.tests/itest.bndrun
@@ -22,7 +22,7 @@ Fragment-Host: org.openhab.core.automation
 	org.apache.felix.configadmin;version='[1.9.26,1.9.27)',\
 	org.apache.felix.http.servlet-api;version='[1.2.0,1.2.1)',\
 	org.osgi.service.component;version='[1.5.1,1.5.2)',\
-	xstream;version='[1.4.20,1.4.21)',\
+	xstream;version='[1.4.21,1.4.22)',\
 	net.bytebuddy.byte-buddy;version='[1.12.19,1.12.20)',\
 	net.bytebuddy.byte-buddy-agent;version='[1.12.19,1.12.20)',\
 	org.mockito.mockito-core;version='[4.11.0,4.11.1)',\

diff --git a/itests/org.openhab.core.config.core.tests/itest.bndrun b/itests/org.openhab.core.config.core.tests/itest.bndrun
@@ -23,7 +23,7 @@ Fragment-Host: org.openhab.core.config.core
 	org.apache.felix.configadmin;version='[1.9.26,1.9.27)',\
 	org.apache.felix.http.servlet-api;version='[1.2.0,1.2.1)',\
 	org.osgi.service.component;version='[1.5.1,1.5.2)',\
-	xstream;version='[1.4.20,1.4.21)',\
+	xstream;version='[1.4.21,1.4.22)',\
 	net.bytebuddy.byte-buddy;version='[1.12.19,1.12.20)',\
 	net.bytebuddy.byte-buddy-agent;version='[1.12.19,1.12.20)',\
 	org.mockito.junit-jupiter;version='[4.11.0,4.11.1)',\

diff --git a/itests/org.openhab.core.config.discovery.mdns.tests/itest.bndrun b/itests/org.openhab.core.config.discovery.mdns.tests/itest.bndrun
@@ -23,7 +23,7 @@ Fragment-Host: org.openhab.core.config.discovery.mdns
 	org.apache.felix.configadmin;version='[1.9.26,1.9.27)',\
 	org.apache.felix.http.servlet-api;version='[1.2.0,1.2.1)',\
 	org.osgi.service.component;version='[1.5.1,1.5.2)',\
-	xstream;version='[1.4.20,1.4.21)',\
+	xstream;version='[1.4.21,1.4.22)',\
 	net.bytebuddy.byte-buddy;version='[1.12.19,1.12.20)',\
 	net.bytebuddy.byte-buddy-agent;version='[1.12.19,1.12.20)',\
 	org.mockito.mockito-core;version='[4.11.0,4.11.1)',\

diff --git a/itests/org.openhab.core.config.discovery.tests/itest.bndrun b/itests/org.openhab.core.config.discovery.tests/itest.bndrun
@@ -23,7 +23,7 @@ Fragment-Host: org.openhab.core.config.discovery
 	org.apache.felix.configadmin;version='[1.9.26,1.9.27)',\
 	org.apache.felix.http.servlet-api;version='[1.2.0,1.2.1)',\
 	org.osgi.service.component;version='[1.5.1,1.5.2)',\
-	xstream;version='[1.4.20,1.4.21)',\
+	xstream;version='[1.4.21,1.4.22)',\
 	net.bytebuddy.byte-buddy;version='[1.12.19,1.12.20)',\
 	net.bytebuddy.byte-buddy-agent;version='[1.12.19,1.12.20)',\
 	org.mockito.junit-jupiter;version='[4.11.0,4.11.1)',\

diff --git a/itests/org.openhab.core.config.discovery.usbserial.linuxsysfs.tests/itest.bndrun b/itests/org.openhab.core.config.discovery.usbserial.linuxsysfs.tests/itest.bndrun
@@ -22,7 +22,7 @@ Fragment-Host: org.openhab.core.config.discovery.usbserial.linuxsysfs
 	org.apache.felix.configadmin;version='[1.9.26,1.9.27)',\
 	org.apache.felix.http.servlet-api;version='[1.2.0,1.2.1)',\
 	org.osgi.service.component;version='[1.5.1,1.5.2)',\
-	xstream;version='[1.4.20,1.4.21)',\
+	xstream;version='[1.4.21,1.4.22)',\
 	net.bytebuddy.byte-buddy;version='[1.12.19,1.12.20)',\
 	net.bytebuddy.byte-buddy-agent;version='[1.12.19,1.12.20)',\
 	org.mockito.junit-jupiter;version='[4.11.0,4.11.1)',\

diff --git a/itests/org.openhab.core.config.discovery.usbserial.tests/itest.bndrun b/itests/org.openhab.core.config.discovery.usbserial.tests/itest.bndrun
@@ -32,7 +32,7 @@ Provide-Capability: \
 	org.apache.felix.configadmin;version='[1.9.26,1.9.27)',\
 	org.apache.felix.http.servlet-api;version='[1.2.0,1.2.1)',\
 	org.osgi.service.component;version='[1.5.1,1.5.2)',\
-	xstream;version='[1.4.20,1.4.21)',\
+	xstream;version='[1.4.21,1.4.22)',\
 	net.bytebuddy.byte-buddy;version='[1.12.19,1.12.20)',\
 	net.bytebuddy.byte-buddy-agent;version='[1.12.19,1.12.20)',\
 	org.mockito.mockito-core;version='[4.11.0,4.11.1)',\

diff --git a/itests/org.openhab.core.ephemeris.tests/itest.bndrun b/itests/org.openhab.core.ephemeris.tests/itest.bndrun
@@ -27,7 +27,7 @@ feature.openhab-config: \
 	org.apache.felix.configadmin;version='[1.9.26,1.9.27)',\
 	org.apache.felix.http.servlet-api;version='[1.2.0,1.2.1)',\
 	org.osgi.service.component;version='[1.5.1,1.5.2)',\
-	xstream;version='[1.4.20,1.4.21)',\
+	xstream;version='[1.4.21,1.4.22)',\
 	org.openhab.base-fixes;version='[1.0.0,1.0.1)',\
 	javax.measure.unit-api;version='[2.2.0,2.2.1)',\
 	org.apiguardian.api;version='[1.1.2,1.1.3)',\

diff --git a/itests/org.openhab.core.io.rest.core.tests/itest.bndrun b/itests/org.openhab.core.io.rest.core.tests/itest.bndrun
@@ -29,7 +29,7 @@ Fragment-Host: org.openhab.core.io.rest.core
 	org.apache.felix.configadmin;version='[1.9.26,1.9.27)',\
 	org.apache.felix.http.servlet-api;version='[1.2.0,1.2.1)',\
 	org.osgi.service.component;version='[1.5.1,1.5.2)',\
-	xstream;version='[1.4.20,1.4.21)',\
+	xstream;version='[1.4.21,1.4.22)',\
 	net.bytebuddy.byte-buddy;version='[1.12.19,1.12.20)',\
 	net.bytebuddy.byte-buddy-agent;version='[1.12.19,1.12.20)',\
 	org.mockito.junit-jupiter;version='[4.11.0,4.11.1)',\

diff --git a/itests/org.openhab.core.model.item.tests/itest.bndrun b/itests/org.openhab.core.model.item.tests/itest.bndrun
@@ -26,7 +26,7 @@ Fragment-Host: org.openhab.core.model.item
 	org.osgi.util.function;version='[1.2.0,1.2.1)',\
 	org.apache.felix.configadmin;version='[1.9.26,1.9.27)',\
 	org.osgi.service.component;version='[1.5.1,1.5.2)',\
-	xstream;version='[1.4.20,1.4.21)',\
+	xstream;version='[1.4.21,1.4.22)',\
 	org.openhab.base-fixes;version='[1.0.0,1.0.1)',\
 	javax.measure.unit-api;version='[2.2.0,2.2.1)',\
 	org.apiguardian.api;version='[1.1.2,1.1.3)',\

diff --git a/itests/org.openhab.core.model.rule.tests/itest.bndrun b/itests/org.openhab.core.model.rule.tests/itest.bndrun
@@ -30,7 +30,7 @@ Fragment-Host: org.openhab.core.model.rule.runtime
 	org.apache.felix.configadmin;version='[1.9.26,1.9.27)',\
 	org.apache.felix.http.servlet-api;version='[1.2.0,1.2.1)',\
 	org.osgi.service.component;version='[1.5.1,1.5.2)',\
-	xstream;version='[1.4.20,1.4.21)',\
+	xstream;version='[1.4.21,1.4.22)',\
 	org.openhab.base-fixes;version='[1.0.0,1.0.1)',\
 	javax.measure.unit-api;version='[2.2.0,2.2.1)',\
 	org.apiguardian.api;version='[1.1.2,1.1.3)',\

diff --git a/itests/org.openhab.core.model.script.tests/itest.bndrun b/itests/org.openhab.core.model.script.tests/itest.bndrun
@@ -30,7 +30,7 @@ Fragment-Host: org.openhab.core.model.script
 	org.apache.felix.configadmin;version='[1.9.26,1.9.27)',\
 	org.apache.felix.http.servlet-api;version='[1.2.0,1.2.1)',\
 	org.osgi.service.component;version='[1.5.1,1.5.2)',\
-	xstream;version='[1.4.20,1.4.21)',\
+	xstream;version='[1.4.21,1.4.22)',\
 	net.bytebuddy.byte-buddy;version='[1.12.19,1.12.20)',\
 	net.bytebuddy.byte-buddy-agent;version='[1.12.19,1.12.20)',\
 	org.mockito.junit-jupiter;version='[4.11.0,4.11.1)',\

diff --git a/itests/org.openhab.core.model.thing.tests/itest.bndrun b/itests/org.openhab.core.model.thing.tests/itest.bndrun
@@ -27,7 +27,7 @@ Fragment-Host: org.openhab.core.model.thing
 	org.osgi.util.function;version='[1.2.0,1.2.1)',\
 	org.apache.felix.configadmin;version='[1.9.26,1.9.27)',\
 	org.osgi.service.component;version='[1.5.1,1.5.2)',\
-	xstream;version='[1.4.20,1.4.21)',\
+	xstream;version='[1.4.21,1.4.22)',\
 	net.bytebuddy.byte-buddy;version='[1.12.19,1.12.20)',\
 	net.bytebuddy.byte-buddy-agent;version='[1.12.19,1.12.20)',\
 	org.mockito.junit-jupiter;version='[4.11.0,4.11.1)',\

diff --git a/itests/org.openhab.core.storage.json.tests/itest.bndrun b/itests/org.openhab.core.storage.json.tests/itest.bndrun
@@ -22,7 +22,7 @@ Fragment-Host: org.openhab.core.storage.json
 	org.apache.felix.configadmin;version='[1.9.26,1.9.27)',\
 	org.apache.felix.http.servlet-api;version='[1.2.0,1.2.1)',\
 	org.osgi.service.component;version='[1.5.1,1.5.2)',\
-	xstream;version='[1.4.20,1.4.21)',\
+	xstream;version='[1.4.21,1.4.22)',\
 	org.openhab.base-fixes;version='[1.0.0,1.0.1)',\
 	javax.measure.unit-api;version='[2.2.0,2.2.1)',\
 	org.apiguardian.api;version='[1.1.2,1.1.3)',\

diff --git a/itests/org.openhab.core.thing.tests/itest.bndrun b/itests/org.openhab.core.thing.tests/itest.bndrun
@@ -26,7 +26,7 @@ Fragment-Host: org.openhab.core.thing
 	org.apache.felix.configadmin;version='[1.9.26,1.9.27)',\
 	org.apache.felix.http.servlet-api;version='[1.2.0,1.2.1)',\
 	org.osgi.service.component;version='[1.5.1,1.5.2)',\
-	xstream;version='[1.4.20,1.4.21)',\
+	xstream;version='[1.4.21,1.4.22)',\
 	net.bytebuddy.byte-buddy;version='[1.12.19,1.12.20)',\
 	net.bytebuddy.byte-buddy-agent;version='[1.12.19,1.12.20)',\
 	org.mockito.junit-jupiter;version='[4.11.0,4.11.1)',\

diff --git a/itests/org.openhab.core.voice.tests/itest.bndrun b/itests/org.openhab.core.voice.tests/itest.bndrun
@@ -26,7 +26,7 @@ Fragment-Host: org.openhab.core.voice
 	org.apache.felix.configadmin;version='[1.9.26,1.9.27)',\
 	org.apache.felix.http.servlet-api;version='[1.2.0,1.2.1)',\
 	org.osgi.service.component;version='[1.5.1,1.5.2)',\
-	xstream;version='[1.4.20,1.4.21)',\
+	xstream;version='[1.4.21,1.4.22)',\
 	org.openhab.base-fixes;version='[1.0.0,1.0.1)',\
 	javax.measure.unit-api;version='[2.2.0,2.2.1)',\
 	org.apiguardian.api;version='[1.1.2,1.1.3)',\

diff --git a/tools/i18n-plugin/pom.xml b/tools/i18n-plugin/pom.xml
@@ -29,7 +29,7 @@
     <dependency>
       <groupId>com.thoughtworks.xstream</groupId>
       <artifactId>xstream</artifactId>
-      <version>1.4.20</version>
+      <version>1.4.21</version>
     </dependency>
     <dependency>
       <groupId>org.apache.maven</groupId>