There is a vulnerability in com.thoughtworks.xstream.xstream 1.4.20, upgrade recommended

**Describe the bug**
In the current version of OpenGrok (last release is 1.13.24), OpenGrok Suggester [includes xstream 1.4.20](https://github.com/oracle/opengrok/blob/41b2c23d57c0a8a5a8bc73f1a527598d9863b2bc/suggester/pom.xml#L124) which has a vulnerability: [CVE-2024-47072](https://osv.dev/vulnerability/GHSA-hfq9-hggm-c56q)

Recommended version 1.4.21 fixes the above vulnerability.

**Additional context**

I tried updating 1.4.21 to see if it would be a trivial upgrade, but a couple unit test failures in ChronicleMapAdapterTest (`testResize()` and `dataNotLostAfterResizeTest()`) fail with the exception: `com.thoughtworks.xstream.converters.ConversionException: unable to convert node named=org.apache.lucene.util.BytesRef`.

Thank you!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

There is a vulnerability in com.thoughtworks.xstream.xstream 1.4.20, upgrade recommended #4691

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

There is a vulnerability in com.thoughtworks.xstream.xstream 1.4.20, upgrade recommended #4691

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions