"Applied fix from trunk for revision: 1736434 "

------------------------------------------------------------------------ r1736434 | jleroux | 2016-03-24 13:12:11 +0100 (jeu. 24 mars 2016) | 7 lignes Fixes "Update XStream lib to prevent XML External Entity (XXE) Processing" - https://issues.apache.org/jira/browse/OFBIZ-6959 The XStream team has released the 1.4.9 stable version in March 15, 2016 This version fixes the XML External Entity (XXE) Processing security issue https://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Processing Since OFBiz uses the DomDriver, with Java 6 at least in supported releases, OFBiz seems not really vulnerable https://x-stream.github.io/faq.html#Security_XXEVulnerability, but better to be safe than sorry, notably for not OOTB uses... ------------------------------------------------------------------------ � git-svn-id: https://svn.apache.org/repos/asf/ofbiz/branches/release12.04@1736438 13f79535-47bb-0310-9956-ffa450edef68
apache · Mar 24, 2016 · f8115e2 · f8115e2
1 parent 4987737
commit f8115e2
Show file tree

Hide file tree

Showing 4 changed files with 2 additions and 2 deletions.
diff --git a/.classpath b/.classpath
@@ -62,7 +62,7 @@
     <classpathentry kind="lib" path="framework/base/lib/xmlrpc-client-3.1.2.jar"/>
     <classpathentry kind="lib" path="framework/base/lib/xmlrpc-common-3.1.2.jar"/>
     <classpathentry kind="lib" path="framework/base/lib/xmlrpc-server-3.1.2.jar"/>
-    <classpathentry kind="lib" path="framework/base/lib/xstream-1.4.6.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/xstream-1.4.9.jar"/>
     <classpathentry kind="lib" path="framework/base/lib/xpp3-1.1.4c.jar"/>
     <classpathentry kind="lib" path="framework/base/lib/commons/commons-beanutils-1.7.0.jar"/>
     <classpathentry kind="lib" path="framework/base/lib/commons/commons-cli-1.0.jar"/>

diff --git a/LICENSE b/LICENSE
@@ -456,7 +456,7 @@ framework/base/lib/ical4j-1.0-rc2.jar
 lib/build/javacc/javacc.jar (5.0)
 framework/base/lib/javolution-5.4.3.jar
 framework/base/lib/xpp3-1.1.4c.jar
-framework/base/lib/xstream-1.4.6.jar
+framework/base/lib/xstream-1.4.9.jar
 framework/base/lib/owasp-esapi-full-java-1.4.jar
 framework/base/lib/scripting/antlr-2.7.6.jar
 framework/base/lib/scripting/asm-3.2.jar

diff --git a/framework/base/lib/xstream-1.4.6.jar b/framework/base/lib/xstream-1.4.6.jar
diff --git a/framework/base/lib/xstream-1.4.9.jar b/framework/base/lib/xstream-1.4.9.jar