Prepare documentation for release 1.4.21.

x-stream · Nov 7, 2024 · ab4a172 · ab4a172
1 parent 43e7156
commit ab4a172
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 17 deletions.
diff --git a/xstream-distribution/src/content/changes.html b/xstream-distribution/src/content/changes.html
@@ -104,9 +104,19 @@ <h2>Stream compatibility</h2>
 		<li>No support for Hibernate 3 collections.</li>
 	</ul>
 
+	<!--
 	<h1 id="upcoming-1.4.x">Upcoming 1.4.x maintenance release</h1>
 
 	<p>Not yet released.</p>
+	-->
+
+	<h1 id="1.4.21">1.4.21</h1>
+
+	<p>Released November 7, 2024.</p>
+
+	<p class="highlight">This maintenance release addresses the security vulnerability
+	<a href="CVE-2024-47072.html">CVE-2024-47072</a>, when using the BinaryDriver to unmarshal a manipulated input
+	stream causing a Denial of Service due to a stack overflow.</p>
 
 	<h2>Major changes</h2>
 

diff --git a/xstream-distribution/src/content/download.html b/xstream-distribution/src/content/download.html
@@ -1,7 +1,7 @@
 <html>
 <!--
  Copyright (C) 2005, 2006 Joe Walnes.
- Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022 XStream committers.
+ Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2024 XStream committers.
  All rights reserved.
  
  The software in this package is published under the terms of the BSD
@@ -18,18 +18,18 @@
 
     <p><a href="versioning.html">About XStream version numbers...</a></p>
 
-    <h1 id="stable">Stable Version: <span class="version">1.4.20</span></h1>
+    <h1 id="stable">Stable Version: <span class="version">1.4.21</span></h1>
 
     <ul>
-      <li><b><a href="https://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-distribution/1.4.20/xstream-distribution-1.4.20-bin.zip">Binary distribution:</a></b>
+      <li><b><a href="https://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-distribution/1.4.21/xstream-distribution-1.4.21-bin.zip">Binary distribution:</a></b>
       Contains the XStream jar files, the Hibernate and Benchmark modules and all the dependencies.</li>
-      <li><b><a href="https://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-distribution/1.4.20/xstream-distribution-1.4.20-src.zip">Source distribution:</a></b>
+      <li><b><a href="https://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-distribution/1.4.21/xstream-distribution-1.4.21-src.zip">Source distribution:</a></b>
       Contains the complete XStream project as if checked out from the Subversion version tag.</li>
-      <li><b><a href="https://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream/1.4.20/xstream-1.4.20.jar">XStream Core only:</a>
+      <li><b><a href="https://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream/1.4.21/xstream-1.4.21.jar">XStream Core only:</a>
       The xstream.jar only as it is downloaded automatically when it is referenced as Maven dependency.</b></li>
-      <li><b><a href="https://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-hibernate/1.4.20/xstream-hibernate-1.4.20.jar">XStream Hibernate module:</a></b>
+      <li><b><a href="https://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-hibernate/1.4.21/xstream-hibernate-1.4.21.jar">XStream Hibernate module:</a></b>
       The xstream-hibernate.jar as it is downloaded automatically when it is referenced as Maven dependency.</li>
-      <li><b><a href="https://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-jmh/1.4.20/xstream-jmh-1.4.20-app.zip">XStream JMH module:</a></b>
+      <li><b><a href="https://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-jmh/1.4.21/xstream-jmh-1.4.21-app.zip">XStream JMH module:</a></b>
       The xstream-jmh-app.zip as standalone application with start scripts and all required libraries.</li>
     </ul>
 
@@ -41,7 +41,7 @@ <h1 id="maven">Maven Central Repository</h1>
     <div class="Source XML"><pre>&lt;dependency&gt;
   &lt;groupId&gt;com.thoughtworks.xstream&lt;/groupId&gt;
   &lt;artifactId&gt;xstream&lt;/artifactId&gt;
-  &lt;version&gt;1.4.20&lt;/version&gt;
+  &lt;version&gt;1.4.21&lt;/version&gt;
 &lt;/dependency&gt;</pre></div>
 
     <h1 id="previous-releases">Previous Releases</h1>
@@ -82,9 +82,8 @@ <h1 id="optional-deps">Optional Dependencies</h1>
         <li>Other optional 3rd party dependencies:
         <ul>
       	  <li><a href="https://repo1.maven.org/maven2/javax/activation/jaxax.activation-api/1.2.0/jaxax.activation-api-1.2.0.jar">Java Activation module</a> for the ActivationDataFlavorConverter. The dependency is required for the Java 11 runtime.</li>
-      	  <li><a href="https://github.com/JodaOrg/joda-time/releases/download/v2.10.1/joda-time-2.10.1-dist.zip">Joda Time</a> for optional ISO8601 date/time converters in JDK 1.7 or below.</li>
       	  <li><a href="http://downloads.sourceforge.net/cglib/cglib-nodep-2.2.jar">CGLIB</a> for optional support of some proxies generated with the CGLIB Enhancer.</li>
-      	  <li><a href="https://repo1.maven.org/maven2/org/codehaus/jettison/jettison/1.4.1/jettison-1.4.1.jar">Jettison</a> for serialization and deserialization support with JSON. Note, except Jettison 1.2 no lower version is compatible.</li>
+		  <li><a href="https://repo1.maven.org/maven2/org/codehaus/jettison/jettison/1.5.4/jettison-1.5.4.jar">Jettison 1.5.4</a> for serialization and deserialization support with JSON. Note, that some versions from 1.3.x and up are not compatible with XStream.</li>
         </ul>
       </li>
     </ul>

diff --git a/xstream-distribution/src/content/index.html b/xstream-distribution/src/content/index.html
@@ -1,7 +1,7 @@
 <html>
 <!--
  Copyright (C) 2005, 2006 Joe Walnes.
- Copyright (C) 2006, 2007, 2008, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2020, 2021, 2022 XStream committers.
+ Copyright (C) 2006, 2007, 2008, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2020, 2021, 2022, 2024 XStream committers.
  All rights reserved.
  
  The software in this package is published under the terms of the BSD
@@ -73,11 +73,15 @@ <h1 id="getting-started">Getting Started</h1>
 
     <h1 id="news">Latest News</h1>
 
-    <h2 id="1.4.20"><b>December 24, 2022</b> XStream 1.4.20 released</h2>
+	<h2 id="release"><b>November 7, 2024</b> XStream 1.4.21 released</h2>
 
-	<p class="highlight">This maintenance release addresses the security vulnerabilities
-	<a href="CVE-2022-40151.html">CVE-2022-40151</a> and <a href="CVE-2022-41966.html">CVE-2022-41966</a>, causing a
-	Denial of Service by raising a stack overflow.  It also provides new converters for Optional and Atomic types.</p>
+	<p class="highlight">This maintenance release addresses the security vulnerability
+	<a href="CVE-2024-47072.html">CVE-2024-47072</a>, when using the BinaryDriver to unmarshal a manipulated input
+	stream causing a Denial of Service due to a stack overflow.</p>
+
+	<p>A new converter fir the WeakHashMap avoids the access to the ReentrantLock introduced with Java 19.</p>
+
+	<p>The release contains an optimization for the memory consumption.</p>
 
 	<p>View the complete <a href="changes.html">change log</a> and <a href="download.html">download</a>.</p>
 

diff --git a/xstream-distribution/src/content/news.html b/xstream-distribution/src/content/news.html
@@ -1,7 +1,7 @@
 <html>
 <!--
  Copyright (C) 2005, 2006 Joe Walnes.
- Copyright (C) 2006, 2007, 2008, 2009, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2020, 2021, 2022 XStream committers.
+ Copyright (C) 2006, 2007, 2008, 2009, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2020, 2021, 2022, 2024 XStream committers.
  All rights reserved.
  
  The software in this package is published under the terms of the BSD
@@ -16,7 +16,21 @@
 
   <body>
 
-    <h2 id="1.4.20"><b>December 24, 2022</b> XStream 1.4.20 released</h2>
+    <h2 id="1.4.20"><b>November 7, 2024</b> XStream 1.4.21 released</h2>
+
+	<p class="highlight">This maintenance release addresses the security vulnerability
+	<a href="CVE-2024-47072.html">CVE-2024-47072</a>, when using the BinaryDriver to unmarshal a manipulated input
+	stream causing a Denial of Service due to a stack overflow.</p>
+
+	<p>A new converter fir the WeakHashMap avoids the access to the ReentrantLock introduced with Java 19.</p>
+
+	<p>The release contains an optimization for the memory consumption.</p>
+
+	<p>View the complete <a href="changes.html">change log</a> and <a href="download.html">download</a>.</p>
+
+	<p>Note, the next major release 1.5 will require Java 11.</p>
+
+	<h2 id="1.4.20"><b>December 24, 2022</b> XStream 1.4.20 released</h2>
 
 	<p class="highlight">This maintenance release addresses the security vulnerabilities
 	<a href="CVE-2022-40151.html">CVE-2022-40151</a> and <a href="CVE-2022-41966.html">CVE-2022-41966</a>, causing a