/
changes.html
1652 lines (1381 loc) · 88.4 KB
/
changes.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<html>
<!--
Copyright (C) 2005, 2006 Joe Walnes.
Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 XStream committers.
All rights reserved.
The software in this package is published under the terms of the BSD
style license a copy of which has been included with this distribution in
the LICENSE.txt file.
Created on 29. January 2005 by Joe Walnes
-->
<head>
<title>Change History</title>
</head>
<body>
<p>Changes are split into three categories:</p>
<ul>
<li><b>Major changes</b>: The major new features that all users should know about.</li>
<li><b>Minor changes</b>: Any smaller changes, including bugfixes.</li>
<li><b>API changes</b>: Any changes to the API that could impact existing users.</li>
</ul>
<p>
Full details can be found in GitHub's <a href="https://github.com/x-stream/xstream/issues?q=is%3Aissue+is%3Aclosed">Issues</a>,
filter for the appropriate milestone.
</p>
<h1 id="upcoming-1.4.x">Upcoming 1.4.x maintenance release</h1>
<p>Not yet released.</p>
<p class="highlight">This maintenance release addresses the security vulnerability CVE-2017-9805 reported
originally for Struts' XStream Plugin, an arbitrary execution of commands when unmarshalling for XStream instances
with uninitialized security framework.</p>
<h1 id="1.4.13">1.4.13</h1>
<p>Released September 6, 2020.</p>
<h2>Major changes</h2>
<ul>
<li>GHPR:#218: Defer reflective access to Java core modules.</li>
<li>GHI:#207: New predefined blacklist avoids vulnerability due to improper setup of the security framework.</li>
</ul>
<h1 id="1.4.12">1.4.12</h1>
<p>Released April 12, 2020.</p>
<h2>Minor changes</h2>
<ul>
<li>XmlFriendlyNameCoder supports now XML parsers implementing only 4th edition of XML 1.0 specification.</li>
<li>Fix support of CDATA events in StAX.</li>
<li>GHI:#171: XStream.createObjectInputStream does not pass the DataHolder.</li>
<li>GHI:#151: Use of SPDX license identifier in POM and Manifest.</li>
<li>GHI:#152: Declare OSGi import of internal runtime packages as optional.</li>
<li>Drop Require-Capability entry in manifest.</li>
</ul>
<h1 id="1.4.11.1">1.4.11.1</h1>
<p>Released October 27, 2018.</p>
<h2>Hot fix</h2>
<ul>
<li>GHI:#133: XStream 1.4.11 fails to run on a Java Runtime < 8.</li>
</ul>
<h1 id="1.4.11">1.4.11</h1>
<p>Released October 23, 2018.</p>
<p class="highlight">This maintenance release addresses again the security vulnerability <a href="CVE-2013-7285.html">
CVE-2013-7285</a>, an arbitrary execution of commands when unmarshalling for XStream instances with
uninitialized security framework. Only 1.4.10 uninitialized security framework was affected.</p>
<h2>Minor changes</h2>
<ul>
<li>GHPR:#91, GHPR:#106: Clean-up data stacks in UnmarshallingContext implementations in case of exception (by
Märt Bakhoff).</li>
<li>GHI:#2: Unneeded contention in DefaultConverterLookup.</li>
<li>GHI:#94: Fix PathConverter containing absolute Windows paths.</li>
<li>GHI:#105: XStream's ObjectInputStream returns wrong values for readUnsignedByte and readUnsignedShort.</li>
<li>JIRA:XSTR-616 and GHPR:#93: Introduce StringCodec interface to support arbitrary Base64 codec
implementations for EncodedByteArrayConverter. Prefer Base64 codec implementations of the Java runtime over
XStream's own one.</li>
<li>GHI:#97: Support to run out of the box in a Java 1.4 runtime is established again.</li>
<li>Provide methods in AbstractCollectionConverter that read and write in a balanced way from and to the
hierarchical stream.</li>
<li>New future-proof method JVM.isVersion to detect major version of Java runtime (incl. Java 10) as
replacement for individual JVM.isXY methods.</li>
<li>GHI:#115: Dom4JDriver ignores character set of Dom4J configuration creating a Writer.</li>
<li>GHI:#116: Make converters null safe.</li>
<li>GHI:#123 and GHPR:#124: Declare XPP dependencies for OSGi as optional.</li>
<li>Add XppDriver.createDefaultParser for a simpler access to the default XmlPullParserFactory.</li>
<li>Old BEA reference implementation of StAX is outdated, unmaintained and has security issues, therefore
XStream's driver has been deprecated.</li>
<li>Support for JaCoCo: FieldDictionary ignores synthetic fields starting with <em>$jacoco</em> as name.</li>
<li>Add integration test for OSGi (by Wes Wannemacher).</li>
</ul>
<h2>Stream compatibility</h2>
<ul>
<li>The EncodedByteArrayConverter will now use an encoder by default that does no longer add line breaks as
normally required by the RFC 1521 after 76 characters, making it also easier to use the converter for
attributes. This will not affect XStream's Base64 decoder.</li>
</ul>
<h2>API changes</h2>
<ul>
<li>Added c.t.x.converters.collection.AbstractCollectionConverter.readBareItem(HierarchicalStreamReader, UnmarshallingContext, Object).</li>
<li>Added c.t.x.converters.collection.AbstractCollectionConverter.readCompleteItem(HierarchicalStreamReader, UnarshallingContext, Object).</li>
<li>Deprecated c.t.x.converters.collection.AbstractCollectionConverter.readItem(HierarchicalStreamReader, UnmarshallingContext, Object).</li>
<li>Added c.t.x.converters.collection.AbstractCollectionConverter.writeBareItem(Object, MarshallingContext, HierarchicalStreamWriter).</li>
<li>Added c.t.x.converters.collection.AbstractCollectionConverter.writeCompleteItem(Object, MarshallingContext, HierarchicalStreamWriter).</li>
<li>Deprecated c.t.x.converters.collection.AbstractCollectionConverter.writeItem(Object, MarshallingContext, HierarchicalStreamWriter).</li>
<li>Added c.t.x.converters.collection.AbstractCollectionConverter.writeNullItem(MarshallingContext, HierarchicalStreamWriter).</li>
<li>Added c.t.x.converters.extended.EncodedByteArrayConverter(StingCodec).</li>
<li>Added c.t.x.converters.extended.NamedCollectionConverter.readBareItem(HierarchicalStreamReader, UnmarshallingContext, Object).</li>
<li>Deprecated c.t.x.converters.extended.NamedCollectionConverter.readItem(HierarchicalStreamReader, UnmarshallingContext, Object).</li>
<li>Added c.t.x.converters.extended.NamedCollectionConverter.writeCompleteItem(Object, MarshallingContext, HierarchicalStreamWriter).</li>
<li>Deprecated c.t.x.converters.extended.NamedCollectionConverter.writeItem(Object, MarshallingContext, HierarchicalStreamWriter).</li>
<li>Added c.t.x.core.DefaultConverterLookup(Map).</li>
<li>Added c.t.x.core.util.JVM.getBase64Codec().</li>
<li>Added c.t.x.core.util.JVM.isVersion().</li>
<li>Deprecated c.t.x.core.util.JVM.is18().</li>
<li>Deprecated c.t.x.core.util.JVM.is9().</li>
<li>Deprecated c.t.x.io.ExtendedHierarchicalStreamReader.</li>
<li>Deprecated c.t.x.io.ExtendedHierarchicalStreamWriter.</li>
<li>Deprecated c.t.x.io.ExtendedHierarchicalStreamWriterHelper.</li>
<li>Deprecated c.t.x.io.xml.BEAStaxDriver.</li>
<li>Added c.t.x.io.xml.Dom4JReader.Dom4JReader(Branch).</li>
<li>Added c.t.x.io.xml.XppDriver.createDefaultParser().</li>
<li>Added c.t.x.core.util.StingCodec.</li>
</ul>
<h1 id="1.4.10">1.4.10</h1>
<p>Released May 23, 2017.</p>
<p class="highlight">This maintenance release addresses also the security vulnerability <a href="CVE-2017-7957.html">
CVE-2017-7957</a>, used for a Denial of Service attack by crashing the Java runtime.</p>
<h2>Major changes</h2>
<ul>
<li>GHI:#84: New XStream artifact with <em>-java7</em> appended as version suffix for a library explicitly
without the Java 8 stuff (lambda expression support, converters for java.time.* package).</li>
<li>Fix PrimitiveTypePermission to reject type <em>void</em> to prevent CVE-2017-7957 with an initialized
security framework.</li>
<li>Improve performance by minimizing call stack of mapper chain.</li>
<li>GHPR:#82, JIRA:XSTR-774: Add converters for types of java.time, java.time.chrono, and java.time.temporal
packages (converters for LocalDate, LocalDateTime, LocalTime, OffsetDateTime, and ZonedDateTime by Matej Cimbora).</li>
<li>GHI:#29: JavaBeanConverter does not respect ignored unknown elements.</li>
<li>Add XStream.setupDefaultSecurity to initialize security framework with defaults of XStream 1.5.x.</li>
<li>Emit error warning if security framework has not been initialized and the XStream instance is vulnerable to
known exploits.</li>
</ul>
<h2>Stream Compatibility</h2>
<ul>
<li>The alias <em>duration</em> for type <em>javax.xml.datatype.Duration</em> has changed to <em>xml-duration</em>
due to the support of the classes in the java.time package. <em>duration</em> is now used for type <em>java.time.Duration</em>.
Simply register the alias <em>duration</em> again for type <em>javax.xml.datatype.Duration</em> if backward
compatibility is required for this type.
</li>
<li>All types of the java.time packages that have been written with previous versions of XStream can still be
deserialized.</li>
</ul>
<h2>Minor changes</h2>
<ul>
<li>GHI:#54: Fix BeanProvider.canInstantiate(Class), method may not throw exception.</li>
<li>GHI:#76 and GHPR:#77: Missing support for cascaded writeReplace calls.</li>
<li>GHI:#61: Regression in 1.4.9: Performance drop in ImplicitCollectionMapper.</li>
<li>GHI:#52: PathConverter fails for file paths with spaces.</li>
<li>PathConverter uses always forward slashes as path separator.</li>
<li>GHI:#53: SqlTimestampConverter cannot parse values without fraction.</li>
<li>GHI:#45: Support different time zones for SqlTimestampConverter.</li>
<li>GHI:#67 and GHPR:#68: Allow usage of DataHolder for createObjectInputStream and createObjectOutputStream.</li>
<li>GHI:#75: Use java.time.* package instead of Joda-Time.</li>
<li>Dom4JXmlWriter does not flush writer at endDocument().</li>
<li>Path is an immutable type.</li>
<li>GHPR:#65: Protect converter lookup against runtime errors.</li>
<li>Current Java 9 implementation reports itself as version 9 now.</li>
</ul>
<h2>API changes</h2>
<ul>
<li>Added c.t.x.util.JVM.is9().</li>
<li>Added c.t.x.XStream.setupDefaultSecurity(XStream).</li>
<li>Added c.t.x.XStream.createObjectInputStream(HierarchicalStreamReader, DataHolder) and
c.t.x.XStream.createObjectOutputStream(HierarchicalStreamWriter, String, DataHolder).</li>
<li>Added c.t.x.converters.javabean.PropertyDictionary.propertyDescriptorOrNull(Class, String).</li>
<li>Added method c.t.x.mapper.Mapper.IsIgnoredElement(String)</li>
<li>Added c.t.x.mapper.ElementIgnoringMapper.</li>
<li>Deprecated method c.t.x.mapper.FieldAliasingMapper.addFieldsToIgnore(Pattern).</li>
<li>Deprecated method c.t.x.mapper.FieldAliasingMapper.omitField(Class, String).</li>
<li>Deprecated method c.t.x.core.util.JVM.is17().</li>
<li>Deprecated method c.t.x.core.util.JVM.is19().</li>
</ul>
<h1 id="1.4.9">1.4.9</h1>
<p>Released March 15, 2016.</p>
<p class="highlight">This maintenance release addresses also the security vulnerability <a href="CVE-2016-3674.html">
CVE-2016-3674</a>, known as XXE vulnerability that can be used to expose arbitrary data from the file system
when unmarshalling.</p>
<h2>Major changes</h2>
<ul>
<li>GHI:#25: Fix <a href="https://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Processing">XXE
vulnerability (CVE-2016-3674)</a>: Fixed affected drivers were Dom4JDriver, DomDriver, JDomDriver, JDom2Driver,
SjsxpDriver, StandardStaxDriver and WstxDriver. Still vulnerable are BEAStaxDriver and XomDriver. Processing of
(external) entities has been disabled. See <a href="faq.html#Security_XXEVulnerability">FAQ</a> for more information.
</li>
<li>Benchmark module has been deprecated in favor of <a href="http://openjdk.java.net/projects/code-tools/jmh/">
JMH (Java Microbenchmarking Harness)</a>.
</li>
<li>GHI:#33 and GHPR:#38: Add converter for java.nio.file.Path (by Aaron Jonson).</li>
</ul>
<h2>Minor changes</h2>
<ul>
<li>GHI:#35: AnnotationMapper dropped silently constructor arguments for converters if they were equal.</li>
<li>Fix: Possible concurrency problem with XomDriver.</li>
<li>JIRA:XSTR-773, GHPR:#3: Minimize memory footprint by not keeping internal references to instances of
immutable types.</li>
<li>Drop automatic reference support at deserialization time for immutable types before version 1.4 (primitive
types and their boxed counterpart, java.lang.Class, java.lang.String, java.math.BigDecimal, java.math.BigInteger,
java.io.File, java.net.URL, and java.awt.font.TextAttribute).</li>
<li>Fix: Implicit collection declaration is erroneously inherited or propagated to hidden field of same name.</li>
<li>XStreamConverter annotation supports null values as arguments for converter instantiation.</li>
<li>GHI:#5: Support null values for JavaBean properties.</li>
<li>GHI:#36: Fix NamedMapConverter, does not use SingleValueConverter of value if value is text of entry element.</li>
<li>GHI:#13: Own converter for javax.activation.ActivationDataFlavor, because ExternalizableConverter cannot
handle a type that violates the Java specification.</li>
<li>GHPR:#18: Minimize synchronized block in FieldDictionary.</li>
<li>JIRA:XSTR-769: Synthetic fields with references to outer class use compiler dependent names.</li>
<li>JIRA:XSTR-771: UUID is an immutable type by default.</li>
<li>GHPR:#23: Constructor of AbstractXppDriver swallows causing exception.</li>
<li>GHI:#28: Fix functionality of ClassAliaslingMapper.itemTypeAsAttributes(Class).</li>
<li>GHI:#37: Historical Java 1.3 support suppresses causing exception of a thrown InvocationTargetException.</li>
<li>GHI:#41: Cannot instantiate ToAttributedValueConverter with null value for valueFieldName using
XStreamConverter annotation.</li>
<li>Fix example code in description of security framework.</li>
<li>Clean-up usage of exceptions.</li>
</ul>
<h2>API changes</h2>
<ul>
<li>Added c.t.x.XStream.addImmutableType(Class, boolean) and deprecated c.t.x.XStream.addImmutableType(Class).</li>
<li>Added c.t.x.mapper.Mapper.isReferenceable(Class).</li>
<li>Added c.t.x.mapper.ImmutableTypesMapper.addImmutableType(Class, boolean) and deprecated
c.t.x.mapper.ImmutableTypesMapper.addImmutableType(Class).</li>
<li>Added c.t.x.io.xml.Dom4JDriver.createReader().</li>
<li>Added c.t.x.io.xml.DomDriver.createDocumentBuilderFactory().</li>
<li>Added c.t.x.io.xml.JDomDriver.createBuilder().</li>
<li>Added c.t.x.io.xml.JDom2Driver.createBuilder().</li>
<li>Added c.t.x.io.xml.XomDriver.createBuilder().</li>
<li>Added constructor c.t.x.converter.extended.ToAttributedValueConverter.ToAttributedValueConverter(Class,
Mapper, ReflectionProvider, ConverterLookup).</li>
<li>Added abstract c.t.x.converter.ErrorWritingException as common base for c.t.x.converter.ConversionException
and c.t.x.converter.reflection.ObjectAccessException.</li>
<li>Deprecated c.t.x.io.xml.XomDriver(Builder), c.t.x.io.xml.XomDriver(Builder, NameCoder) and
c.t.x.io.xml.XomDriver.getBuilder().</li>
<li>Deprecated c.t.x.mapper.ClassAliaslingMapper.itemTypeAsAttributes(Class) and
c.t.x.mapper.ClassAliaslingMapper.aliasIsAttribute(String). Methods never called, left-over from old refactoring.</li>
</ul>
<h1 id="1.4.8">1.4.8</h1>
<p>Released February 18, 2015.</p>
<h2>Major changes</h2>
<ul>
<li>Support for serializable lambda expressions and handling of non-serializable ones.</li>
</ul>
<h2>Minor changes</h2>
<ul>
<li>Detect Java 9 runtime.</li>
<li>JIRA:XSTR-767: Deserialization of referenced lambda expressions fail.</li>
<li>JIRA:XSTR-762: Private method readResolve() called on base classes.</li>
<li>JIRA:XSTR-761: Support ignored serialPersistentField at deserialization time.</li>
<li>JIRA:XSTR-755: ExternalizableConverter does not respect writeReplace and readResolve.</li>
<li>JIRA:XSTR-757: Deserialized TreeSet does not honor remove(Object) return value contract.</li>
<li>JIRA:XSTR-759: Support deserialization of <a href="http://www.w3.org/TR/NOTE-datetime">W3C datetime
format</a> in DateConverter with Java 7 runtime.
</li>
<li>Fix: DateConverter ignores provided locale.</li>
<li>JIRA:XSTR-768: ISO8601GregorianCalendarConverter may set invalid time zone for Joda-Time.</li>
<li>Fix: WeakCache.entrySet().iterator().next.setValue(value) returns the reference instead of the old value.</li>
<li>Fix: SqlTimestampConverter throws IllegalArgumentException instead of ConversionException on fromString().</li>
<li>Fix: CGLIBEnhancedConverter does not initialize transient members of parent after deserialization.</li>
<li>JIRA:XSTR-763: Set scope of org.json:json to test instead declaring the dependency as optional.</li>
</ul>
<h2>API changes</h2>
<ul>
<li>Added c.t.x.util.JVM.is19().</li>
<li>Added c.t.x.converter.reflection.LambdaConverter and c.t.x.mapper.LambdaMapper.</li>
<li>Declare c.t.x.XStream.ignoreUnknownElements(Pattern) as public.</li>
<li>c.t.x.converters.reflection.AbstractReflectionConverter.readResolve() is protected now.</li>
<li>c.t.x.mapper.AbstractAttributeAliasingMapper.readResolve() is protected now.</li>
<li>Deprecated c.t.x.converters.extended.StackTraceElementFactory, it is an internal helper class.</li>
<li>Deprecated c.t.x.converters.reflection.SerializationMethodInvoker, it is an internal helper class.</li>
<li>Deprecated c.t.x.io.AttributeNameIterator, it is an internal helper class.</li>
<li>Deprecated c.t.x.XStream.useXStream11XmlFriendlyMapper(), corresponding
c.t.x.mapper.XStream11XmlFriendlyMapper has been deprecated long ago.</li>
<li>Deprecated c.t.x.converter.basic.BooleanConverter.shouldConvert(Class,Object), undetected remainder of
ancient XStream version.</li>
</ul>
<h1 id="1.4.7">1.4.7</h1>
<p>Released February 8, 2014.</p>
<p class="highlight">This maintenance release addresses mainly the security vulnerability <a href="CVE-2013-7285.html">
CVE-2013-7285</a>, an arbitrary execution of commands when unmarshalling.</p>
<h2>Major changes</h2>
<ul>
<li>Add <a href="security.html#framework">security framework</a> to limit handled types while unmarshalling.
</li>
<li>java.bean.EventHandler no longer handled automatically because of severe security vulnerability.</li>
<li>JIRA:XSTR-751: New SunLimitedUnsafeReflectionProvider that uses undocumented features only to allocate new
instances as required on Dalvik.</li>
<li>Fix instantiation of AnnotationMapper that requires ConverterLookup and ConverterRegistry to be the same
instance.</li>
</ul>
<h2>Minor changes</h2>
<ul>
<li>XSTR-749: NPE if ReflectionConverter.canConvert(type) is called with null as argument.</li>
<li>XSTR-753: NPE if SerializationConverter.canConvert(type) is called with an interface type as argument that
extends Serializable.</li>
<li>Add constructor to ReflectionConverter taking an additional type to create an instance that is dedicated to a
specific type only.</li>
<li>The ConverterLookup used by default cannot be casted to a ConverterRegistry anymore.</li>
</ul>
<h2>API changes</h2>
<ul>
<li>Added package c.t.x.security with interface TypePermission, all its implementations and
ForbiddenClassException.</li>
<li>Added c.t.x.mapper.SecurityMapper handling the new type permissions.</li>
<li>Added methods addPermission, denyPermission, allowTypesXXX and denyTypesXXX to c.t.x.XStream to setup
security at unmarshalling time.</li>
<li>Added c.t.x.converters.reflection.SunLimitedUnsafeReflectionProvider.</li>
<li>Deprecated c.t.x.converters.reflection.Sun14ReflectionProvider in favor of new
c.t.x.converters.reflection.SunUnsafeReflectionProvider.</li>
<li>Added c.t.x.converters.reflection.ReflectionConverter(Mapper,ReflectionProvider,Class).</li>
</ul>
<h1 id="1.4.6">1.4.6</h1>
<p>Released December 12, 2013.</p>
<h2>Major changes</h2>
<ul>
<li>JIRA:XSTR-566 and JIRA:XSTR-200: Better compatibility with GAE and environments with active SecurityManager
(i.e. in an Applet). XStream converters try now to ensure already in the canConvert methods that they can handle the
requested type in practice and not only theoretically. Additionally the implementations even better take care, that
the initialization of a converter will not break the setup of XStream itself. Following modifications have been done
for these topics:
<ul>
<li>ReflectionConverter, SerializationConverter and LookAndFieldConverter will check if they can access the
fields by reflection for a requested type.</li>
<li>SerializationConverter and ExternalizableConverter will check if they can create an instance of a derived
OutputObjectStream first.</li>
<li>BeanProvider does no longer use reflection to locate default constructor.</li>
<li>AbstractAttributedCharacterIteratorAttributeConverter (and therefore TextAttributeConverter) will check
first if it can access the possible constants of the type by reflection.</li>
<li>NoClassDefFoundError raised in GAE accessing the fields of restricted types by reflection will be handled.</li>
<li>StackTraceElementConverter uses constructor for StackTraceElement instances in Java 5 and GEA.</li>
</ul>
</li>
<li>JIRA:XSTR-739 and JIRA:XSTR-746: OrderRetainingMap fails if HashMap.putAll(Map) of Java Runtime is not
implemented calling put for every element within the map.</li>
<li>New NamedArrayConverter to define names of inner elements.</li>
</ul>
<h2>Minor changes</h2>
<ul>
<li>JIRA:XSTR-747: All constructors of StaxDriver derived classes take erroneously a XmlFriendlyNameCoder instead
of a plain NameCoder.</li>
</ul>
<h2>API changes</h2>
<ul>
<li>Added c.t.x.converters.extended.NamedArrayConverter for free element names in arrays.</li>
<li>Added constructors to c.t.x.io.xml.StandardStaxDriver taking NameCoder instead of XmlFriendlyNameCoder.</li>
<li>Deprecated constructors of c.t.x.io.xml.StandardStaxDriver taking a XmlFriendlyNameCoder.</li>
<li>Added constructors to c.t.x.io.xml.BEAStaxDriver taking NameCoder instead of XmlFriendlyNameCoder.</li>
<li>Deprecated constructors of c.t.x.io.xml.BEAStaxDriver taking a XmlFriendlyNameCoder.</li>
<li>Added constructors to c.t.x.io.xml.WstxDriver taking NameCoder instead of XmlFriendlyNameCoder.</li>
<li>Deprecated constructors of c.t.x.io.xml.WstxDriver taking a XmlFriendlyNameCoder.</li>
<li>Added method canAccess to c.t.x.converter.reflection.AbstractReflectionConverter.</li>
<li>Added static method canCreateDerivedObjectOutputStream to c.t.x.core.JVM.</li>
<li>Deprecated unused member c.t.x.converter.javabean.BeanProvider.NO_PARAMS.</li>
<li>Deprecated unused method c.t.x.converter.javabean.BeanProvider.getDefaultConstrutor(Class).</li>
</ul>
<h1 id="1.4.5">1.4.5</h1>
<p>Released September 18, 2013.</p>
<h2>Major changes</h2>
<ul>
<li>JIRA:XSTR-732: Use a referencing implementation for the ClassLoader to support environments where no new
ClassLoader can be instantiated due to security restrictions.</li>
<li>JIRA:XSTR-691: Allow unknown XML elements to be ignored using new method XStream.ignoreUnknownElements.</li>
<li>JIRA:XSTR-728: XStream creates invalid JSON with JsonHierarchicalStreamDriver for custom converters since
XStream 1.4.</li>
<li>JIRA:XSTR-300: New EnumToStringConverter to support custom string representations of Enum values.</li>
<li>JIRA:XSTR-292 and JIRA:XSTR-405: New NamedMapConverter and NamedCollectionConverter to define names of inner
elements.</li>
<li>JIRA:XSTR-726: New annotation XStreamAliasType to support declarative definition of XStream.aliasType().</li>
<li>JIRA:XSTR-735: Support for JDOM2 with JDom2Driver, JDom2Reader and JDom2Writer.</li>
<li>Optimized XML structure for java.awt.Font.</li>
<li>Fix: ToAttributedValueConverter silently appends fields without attribute support to the value producing
mixed-mode XML.</li>
<li>JIRA:XSTR-566 and JIRA:XSTR-249: Better compatibility with Google AppEngine and J2ME, setup no longer fails
for unavailable converters.</li>
</ul>
<h2>Minor changes</h2>
<ul>
<li>Fix missing manifest information.</li>
<li>JIRA:XSTR-729: Add OSGi information to manifests.</li>
<li>JIRA:XSTR-723: XStream will now detect a working enhanced mode dynamically instead using lists of known
vendors. This allows enhanced support for JamVM if it is bundled with OpenJDK. It will currently fail on a runtime
based on GNU Classpath (at least up to version 0.98).</li>
<li>JIRA:XSTR-541: JavaScript compatibility problem with 64-bit integers in JSON.</li>
<li>JIRA:XSTR-719: Support replacement of default converter in any case.</li>
<li>JIRA:XSTR-725: processAnnotation performance improvement in concurrent situation.</li>
<li>JIRA:XSTR-721: EnumConverter is more lenient while parsing constants.</li>
<li>New constructors for CollectionConverter and MapConverter to allow registration for an individual type.</li>
<li>JIRA:XSTR-724: Cache class name lookup failures.</li>
<li>Current IBM JDK for Java 1.4.2 no longer has a reverse field ordering.</li>
<li>LongConverter supports now positive hex and octal numbers over Long.MAX_VALUE within 64 bit.</li>
<li>Fix: Sun14RefectionProvider ignores a provided FieldDictionary.</li>
<li>JIRA:XSTR-457: Do not write 'defined-in' attribute if not needed.</li>
<li>JettisonMappedXmlDriver provides better support to overwrite its create methods.</li>
<li>JIRA:XSTR-685: StAX based drivers (StaxDriver and JettisonMappedXmlDriver) are not closing internal input
stream reading from file or URL.</li>
<li>JIRA:XSTR-736: XStream.unmarshal may throw NPE if version info of manifest is missing.</li>
<li>JIRA:XSTR-733: Implicit elements that match multiple defined implicit collections will be assigned to the map
with the nearest matching element type.</li>
<li>JIRA:XSTR-740: ISO8601GregorianCalendarConverter creates Calendar instance with wrong Locale in Java 7 if the
Locale for the LocaleCategory.FORMAT is different to the global default Locale.</li>
<li>JIRA:XSTR-578: Implement support for aliasing in JavaClasConverter, JavaFieldConverter and
JavaMethodConverter. While it is not possible to enable this in general, new constructors have been added to these
converters and an example in the acceptance tests (AliasTest).</li>
<li>JIRA:XSTR-742: Register CompositeClassLoader in Java 7 as parallel capable.</li>
<li>JIRA:XSTR-743: Support proxy collections of Hibernate Envers.</li>
<li>Fix NPE in AttributeMapper.shouldLookForSingleValueConverter if parameters fieldName and definedIn are null.</li>
<li>Implicit type argument can be omitted when registering converters with @XStreamConverter annotation.</li>
</ul>
<h2>API changes</h2>
<ul>
<li>Added c.t.x.converters.extended.NamedCollectionConverter for free element names in collections.</li>
<li>Added c.t.x.converters.extended.NamedMapConverter for free element names in maps.</li>
<li>Added c.t.x.io.xml.StandardStaxDriver to use the StAX implementation delivered with the Java 6 runtime.</li>
<li>Deprecated c.t.x.io.xml.SjsxpStaxDriver to select the internal StAX implementation of Oracle.</li>
<li>Added static methods getStaxInputFactory and getStaxOutputFactory to c.t.x.core.JVM as returning the
implementations of javax.xml.stream.XMLInputFactory (resp. javax.xml.stream.XMLOutputFactory) delivered with the Java
Runtime since Java 6.</li>
<li>Added c.t.x.core.ClassLoaderReference.</li>
<li>Added constructors taking an additional Class argument for c.t.x.converters.collections.CollectionConverter
and c.t.x.converters.collections.MapConverter.</li>
<li>Added constructors taking a ClassLoaderReference instead of a ClassLoader and deprecated the ones taking the
ClassLoader:
<ul>
<li>c.t.x.XStream</li>
<li>c.t.x.converters.extended.DynamicProxyConverter</li>
<li>c.t.x.converters.extended.JavaClassConverter</li>
<li>c.t.x.converters.extended.JavaFieldConverter</li>
<li>c.t.x.converters.extended.JavaMethodConverter</li>
<li>c.t.x.converters.reflection.CGLIBEnhancedConverter</li>
<li>c.t.x.converters.reflection.ExternalizableConverter</li>
<li>c.t.x.converters.reflection.SerializableConverter</li>
<li>c.t.x.mapper.AnnotationMapper</li>
<li>c.t.x.mapper.DefaultMapper</li>
</ul>
</li>
<li>Added static methods newReflectionProvider, isAWTAvailable, isSQLAvailable and isSwingAvailable to
c.t.x.core.JVM as replacement for the deprecated non-static methods.</li>
<li>Deprecated c.t.x.core.JVM() and all non-static methods.</li>
<li>Added method useImplicitType to c.t.x.annotations.XStreamConverter.</li>
<li>JIRA:XSTR-722: Added c.t.x.converters.reflection.ReflectionProvider.getFieldOrNull(Class, String).</li>
<li>Deprecated c.t.x.converters.reflection.ReflectionProvider.fieldDefinedInClass(Class, String) in favor of new
c.t.x.converters.reflection.ReflectionProvider.getFieldOrNull(Class, String).</li>
<li>Deprecated constructor c.t.x.converters.extended.RegexPatternConverter(Converter) in favor of
c.t.x.converters.extended.RegexPatternConverter().</li>
<li>Deprecated default constructor of c.t.x.converters.extended.FontConverter in favor of
c.t.x.converters.extended.FontConverter(Mapper).</li>
<li>Deprecated constructor c.t.x.converters.extended.ThrowableConverter(Converter) in favor of
c.t.x.converters.extended.ThrowableConverter(ConverterLookup).</li>
<li>Deprecated class c.t.x.converters.reflection.SelfStreamingInstanceChecker and moved original implementation
into c.t.x.core.util, since it is internal.</li>
<li>Deprecated interface c.t.x.mapper.AnnotationConfiguration.</li>
</ul>
<h1 id="1.4.4">1.4.4</h1>
<p>Released January 19, 2013.</p>
<h2>Minor changes</h2>
<ul>
<li>JIRA:XSTR-709: Locks up on Mac with Apple JVM due to unwanted initialization of AWT.</li>
<li>JIRA:XSTR-711: DateConverter cannot handle dates in different era.</li>
<li>JIRA:XSTR-741: ToAttributedValueConverter fails to write enums as attributes.</li>
<li>JIRA:XSTR-712: HibernateMapper throws NPE if a collection contains null.</li>
<li>DateConverter supports now localized formats.</li>
<li>JIRA:XSTR-710: JsonWriter does not write BigInteger and BigDecimal as number values.</li>
<li>JIRA:XSTR-708: SqlTimestampConverter does not ignore timezone.</li>
<li>JIRA:XSTR-707: Creation of XmllPullParser with the XmlPullParserFactory may fail in OSGi environment.</li>
<li>JIRA:XSTR-705: Unnecessary synchronization accessing the field cache decreases performance.</li>
<li>JIRA:XSTR-714: Fields not found when XStream12FieldKeySorter used.</li>
</ul>
<h2>API changes</h2>
<ul>
<li>Deprecated method c.t.x.core.util.JVM.is14(), c.t.x.core.util.JVM.is15() and c.t.x.core.util.JVM.is16().</li>
</ul>
<h1 id="1.4.3">1.4.3</h1>
<p>Released July 17, 2012.</p>
<h2>Major changes</h2>
<ul>
<li>Support java.util.concurrent.ConcurrentHashMap with the MapConverter. This will also avoid a bug in JRockit
JDK reported in JIRA:XSTR-608.</li>
<li>JIRA:XSTR-699: Support for Hibernate 4 with XStream's Hibernate module as default for Java 6 or higher.</li>
</ul>
<h2>Minor changes</h2>
<ul>
<li>JVM.loadClass will now also initialize the loaded class and ignore any occurring LinkageError.</li>
<li>JIRA:XSTR-596: SubjectConverter will be no longer registered if initialization of javax.security.auth.Subject
fails.</li>
<li>JIRA:XSTR-683: Inheritance of implicit collections, arrays or maps is dependent on declaration sequence.</li>
<li>Inherited implicit collections, arrays or maps can be overwritten with own definition in subtype.</li>
<li>JIRA:XSTR-688: Cannot omit XML elements from derived fields.</li>
<li>JIRA:XSTR-696: Ill-formed JSON generated, because JSON writer is fed with type of declaring field instead of
the real object's type.</li>
<li>JIRA:XSTR-685: Deserialization from file or URL keeps stream open.</li>
<li>JIRA:XSTR-684: XML 1.0 character validation fails for characters from 0x10 to 0x1f.</li>
<li>JavaBeanConverter supports now instantiation for a specific type and can therefore be used in
@XStreamConverter annotation.</li>
<li>SerializableConverter is broken if the serialized type is the default implementation.</li>
<li>Method marshalUnserializableParent of SerializableConverter is protected now to skip the default mechanism in
a derived converter that uses the default constructor to create the original type (as an alternative for
JIRA:XSTR-695).</li>
<li>FieldDictionary may call sort of FieldKeySorter implementation with wrong type as key.</li>
<li>Sometimes DependencyInjectionFactory tries to instantiate objects with mismatching constructor arguments.</li>
<li>HSQLDB has to be a test dependency only for XStream's Hibernate module.</li>
</ul>
<h1 id="1.4.2">1.4.2</h1>
<p>Released November 3, 2011.</p>
<h2>Major changes</h2>
<ul>
<li>XStream libraries can be used now directly in Android, therefore support of Java 1.4.2 has been stopped with
the delivery. Anyone who needs a version for Java 1.4.2 can build it easily from source, this build is still
supported and part of CI.</li>
<li>JIRA:XSTR-675: New extended HierarchicalStreamReader interface with peekNextChild method. All XStream readers
implement the new interface (by Nikita Levyankov).</li>
<li>JIRA:XSTR-673: Collections.EMPTY_LIST, Collections.EMPTY_SET and Collections.EMPTY_MAP supported with own
alias and defined as immutable.</li>
<li>JIRA:XSTR-631: Collections.singletonList(), Collections.singletonSet() and Collections.singletonMap()
supported with own alias and own converters.</li>
<li>JIRA:XSTR-406 + JIRA:XSTR-663: Support additional parameters for XStreamConverter annotation (e.g. to declare
a ToAttributedValueConverter).</li>
</ul>
<h2>Minor changes</h2>
<ul>
<li>WstxDriver did not trigger Woodstox, but BEA StAX implementation.</li>
<li>JIRA:XSTR-260: PrettyPrintWriter does not handle tab and new line characters in attributes.</li>
<li>JIRA:XSTR-667: Cannot serialize empty list with JsonHierarchicalStreamDriver.</li>
<li>JIRA:XSTR-661: TreeMarshaller.CircularReference is not a ConversionException.</li>
<li>JIRA:XSTR-562: StAX: Namespace attribute is not written in non-repairing mode for second sibling.</li>
<li>JIRA:XSTR-664: ClassCastException in HibernatePersistentSortedSetConverter and
HibernatePersistentSortedMapConverter.</li>
<li>JIRA:XSTR-674: Recreate binary compatibility with 1.3.x series for method
CustomObjectInputStream.getInstance(...).</li>
<li>JIRA:XSTR-671: CannotResolveClassException should accept cause.</li>
<li>JIRA:XSTR-672: Collections.EMPTY_LIST, Collections.EMPTY_SET and Collections.EMPTY_MAP used for in implicit
collection should not throw ReferencedImplicitElementException.</li>
<li>JIRA:XSTR-676: Introduce MissingFieldException thrown at deserialization time indicating a missing field or
property (by Nikita Levyankov).</li>
<li>Add length limit for cached strings in StringConverter, 38 characters by default.</li>
<li>The JsonHierarchicalStreamDriver and the JsonWriter did not support the inherited NameCoder instance.</li>
<li>Add BinaryStreamDriver.</li>
<li>NPE in XppDomComparator.</li>
<li>Dom4JXmlWriter fails to flush the underlying writer.</li>
<li>Known control characters are not encoded with JsonWriter as proposed at json.org.</li>
<li>Detect duplicate property processing in JavaBeanConverter and throw DuplicatePropertyException instead of
clobbering silently.</li>
<li>Allow access to Mapper and JavaBeanProvider in derived instances of JavaBeanConverter.</li>
<li>DependencyInjectionFactory failed to create instance when a matching constructor was found, but a default
constructor was also present.</li>
</ul>
<h2>API changes</h2>
<ul>
<li>Added interface c.t.x.io.ExtendedHierarchicalStreamReader extending c.t.x.io.HierarchicalStreamReader. All
implementations of c.t.x.io.HierarchicalStreamReader will implement also the extended interface.</li>
<li>Added c.t.x.converters.reflection.MissingFieldException derived from
c.t.x.converters.reflection.ObjectAccessException and used instead when the unmarshalling process should write a
field or property that is missing and does not exist.</li>
<li>Added methods c.t.x.io.path.PathTracker.peekElement(), c.t.x.io.path.PathTracker.peekElement(int), and
c.t.x.io.path.PathTracker.depth().</li>
<li>Deprecated method c.t.x.core.ReferencingMarshallingContext.currentPath(). Wrong approach.</li>
</ul>
<h1 id="1.4.1">1.4.1</h1>
<p>Released August 11, 2011.</p>
<h2>Major changes</h2>
<ul>
<li>JIRA:XSTR-659: Use again Xpp3 as default parser, now with additional XmlPullParser API as regular dependency
for the XPP factory. Only standard kXML2 package contains the XPP factory, but not the minimal kXML2 version.</li>
</ul>
<h2>Minor changes</h2>
<ul>
<li>Add utility class c.t.x.io.xml.xppdom.XppFactory and a path tracking comparator for XppDom.</li>
</ul>
<h1 id="1.4">1.4</h1>
<p>Released August 6, 2011.</p>
<h2>Major changes</h2>
<ul>
<li>Java 7 is detected and supported.</li>
<li>JIRA:XSTR-542: The XppDriver uses now the official XmlPullParser API to locate an available parser using the
XmlPullParserFactory. This allows the usage of XPP technology with XStream in Android.</li>
<li>Additional explicit XPP drivers for the Xpp3 and kXML2 implementations.</li>
<li>Additional explicit XPP DOM drivers for the Xpp3 and kXML2 implementations.</li>
<li>kXML2 is now the preferred parser implementation, Xpp3 is optional.</li>
<li>Additional explicit StAX drivers for Woodstox, BEA StAX and SJSXP of the JDK 6 implementations.</li>
<li>JDK 1.3 is no longer officially supported.</li>
<li>JIRA:XSTR-377+JIRA:XSTR-226: New artifact xstream-hibernate with converters and mapper to process Hibernate
object graphs (by Costin Leau, Konstantin Pribluda and in special Jaime Metcher).</li>
<li>New NameCoder interface and implementations to support a generic name translation between names from the
object graph and a target format. The new XmlFriendlyNameCoder replaces the XmlFriendlyReplacer used for XML only.</li>
<li>JIRA:XSTR-553: Support annotations in Android.</li>
<li>JIRA:XSTR-556: DateConverter uses format with 3-letter time zones that are ambiguous. Therefore it will now
always use UTC to write dates. Unmarshalled dates are not affected as long as they contain a time zone.</li>
<li>The type java.lang.reflect.Field is now handled by an own converter, that can still read the old format.</li>
<li>JIRA:XSTR-490: Provide path in Converter for contexts that track the path.</li>
<li>JIRA:XSTR-592+JIRA:XSTR-579: OmitField respected at deserialization time even for existing fields.</li>
<li>JIRA:XSTR-593: Direct support for java.net.URI instances (by Carlos Roman).</li>
<li>JIRA:XSTR-615+JIRA:XSTR-580: Dynamic proxies cannot be referenced recursively.</li>
<li>JIRA:XSTR-547: Wrong class loader used for Serializable types deserialized with an ObjectInputStream.</li>
<li>JIRA:XSTR-341: Support of implicit arrays.</li>
<li>JIRA:XSTR-306+JIRA:XSTR-406: Support of implicit maps.</li>
<li>JIRA:XSTR-344: New ToAttributedValueConverter to allow conversion of an element with string body and
attributes.</li>
<li>JIRA:XSTR-573: SortedSet added with TreeSet as the default implementation.</li>
<li>JIRA:XSTR-576: TreeMap and TreeSet no longer add an element without comparator (by Jason Greanya), solves
also invalid format with JSON for such objects (JIRA:XSTR-640).</li>
</ul>
<h2>Minor changes</h2>
<ul>
<li>JIRA:XSTR-612: Improve extensibility of c.t.x.javabean.* package by reintroducing a PropertyDictionary with
the additional interface PropertySorter.</li>
<li>JIRA:XSTR-591: EnumSingleValueConverter did use toString() instead of name() to create the String
representation of an enum value.</li>
<li>JIRA:XSTR-618: Add Oracle as vendor used for recent JRockit versions and former Sun JDK.</li>
<li>JIRA:XSTR-656: DomReader and Dom4JReader do not escape attribute names retrieving their values.</li>
<li>JIRA:XSTR-604: StringConverter's cache may cause an OutOfMemoryException.</li>
<li>JIRA:XSTR-577: Skip UTF-8 BOM in XmlHeaderAwareReader.</li>
<li>The XppReader no longer uses a BufferedReader.</li>
<li>JIRA:XSTR-543: Better deserialization support of the defined-in system attribute in combination with field
aliases.</li>
<li>JIRA:XSTR-551: Deprecated XStream.InitializationException still thrown instead of InitializationException.</li>
<li>JIRA:XSTR-655: JsonWriter generates invalid JSON for Externalizable types.</li>
<li>JIRA:XSTR-540: Support Jettison-based configuration of JettisonMappedXmlDriver (by Doug Daniels).</li>
<li>JIRA:XSTR-633: JettisonMappedXmlDriver escaped property names according escape rules for XML tag names.</li>
<li>JIRA:XSTR-625: Optionally ignore XStream's hints for Jettison to generate JSON arrays (by Dejan Bosanac).</li>
<li>JIRA:XSTR-605: Upgrade to Jettison 1.2 (for Java 5 or higher).</li>
<li>New JsonWriter.EXPLICIT_MODE generating JSON that enforces property sequence.</li>
<li>JIRA:XSTR-552: Improve performance of ReflectionProvider (by Keith Kowalczykowski).</li>
<li>JIRA:XSTR-559: Improve performance of Sun14ReflectionProvider (by Keith Kowalczykowski).</li>
<li>JIRA:XSTR-564: Improve performance of AnnotationMapper (by Keith Kowalczykowski).</li>
<li>JIRA:XSTR-563: Use ReferenceQueue for cleaning-up WeakReferences in ObjectIdDictionary (by Keith
Kowalczykowski).</li>
<li>JIRA:XSTR-646: Cache of Sun14ReflectionProvider consumes more PermGen space than necessary.</li>
<li>JIRA:XSTR-636: Ineffective cache in FieldDictionary using WeakHashMap with WeakReference values.</li>
<li>Ineffective cache for SerializationMethodInvoker (related to JIRA:XSTR-636).</li>
<li>Introduction of Caching interface implemented by all types in XStream that create local caches that may have
to be flushed manually.</li>
<li>Avoid excessive creation of AbstractPullReader.Event objects by using a pool.</li>
<li>Possibility to generate XPath expressions that select always a single node instead of a node list.</li>
<li>Cannot reference replaced object using ID references.</li>
<li>Implicit collection functionality will no longer use custom collection converters that may write tags that
are not recognized at deserialization time again.</li>
<li>JIRA:XSTR-654: Unmarshal fails when an implicit collection is defined and an element is named equal to the
field.</li>
<li>JIRA:XSTR-574: AbstractReferenceUnmarshaller cannot handle null values for references.</li>
<li>Improve exception output in case of a missing field.</li>
<li>JIRA:XSTR-555: StAX driver tests do not honor repairing mode.</li>
<li>JIRA:XSTR-570: The @XStreamConverter provides now also the current type as possible constructor argument.</li>
<li>JIRA:XSTR-629: Deserialization of Externalizable with non-accessible default constructor fails.</li>
<li>JIRA:XSTR-571: Cannot serialize synchronized RandomAccessList types.</li>
<li>JIRA:XSTR-583: BinaryDriver fails to handle Strings with more than 64K bytes.</li>
<li>JIRA:XSTR-639: Cannot omit field at deserialization if the field has a class attribute.</li>
<li>JIRA:XSTR-599: EncodedByteArrayConverter should implement SingleValueConverter.</li>
<li>JIRA:XSTR-584: Race condition in XmlFriendlyReplacer.</li>
<li>JIRA:XSTR-623: XmlFriendlyReplacer may write illegal name characters (by Michael Schnell).</li>
<li>The ConversionException hides information if its ErrorWriter contains the added key already.</li>
<li>JIRA:XSTR-598: Attribute "defined-in" was wrongly evaluated for other attributes.</li>
<li>JIRA:XSTR-650: Possible NullPointerException at initialization on platforms like Android that do not support
all types of the JDK.</li>
<li>JIRA:XSTR-652: Initialization of XStream fails if DurationConverter constructor throws a
javax.xml.datatype.DatatypeConfigurationException. Converter will no longer handle Duration types if no instance of
the internal DatatypeFactory can be created.</li>
<li>Constructor DocumentWriter(Element) forgets the provided element.</li>
<li>JIRA:XSTR-597: Optimize AbstractReflectionConverter.</li>
<li>Introduce Caching interface to flush the internal cache of specific components.</li>
<li>Support JIRA:XSTR-407 also for IBM JRE 1.6 and greater.</li>
<li>java.nio.charset.Charset's converter was added as immutable type instead of the type itself.</li>
<li>java.util.Currency added as immutable type.</li>
<li>Fix selection of same parameter types in DependencyInjectionFactory.</li>
<li>Deprecation of c.t.x.javabean.PropertyDictionary has been countermanded.</li>
</ul>
<h2>API changes</h2>
<ul>
<li>Any deprecated stuff of the 1.2.x releases has been removed.</li>
<li>Deprecated constructors of c.t.x.converters.reflection.SerializableConverter,
c.t.x.converters.reflection.ExternalizableConverter and c.t.x.converters.reflection.CGLIBEnhancedConverter; new
versions take an additional argument for class loader (as a result for JIRA:XSTR-547).</li>
<li>Deprecated constructors of c.t.x.io.xml.XppReader, new versions take an additional argument for the
XmlPullParser.</li>
<li>Deprecated c.t.x.io.xml.XppReader.createParser(), the XPP parser is now created by the driver.</li>
<li>Package c.t.x.io.xml.xppdom is now part of the official API.</li>
<li>c.t.x.io.xml.xppdom.Xpp3Dom and c.t.x.io.xmlxpp.dom.Xpp3DomBuilder have been deprecated. Functionality is
merged in c.t.x.io.xml.xppdom.XppDom.</li>
<li>Deprecated c.t.x.mapper.XStream11XmlFriendlyMapper and c.t.x.mapper.AbstractXmlFriendlyMapper.</li>
<li>Added interface c.t.x.core.ReferencingMarshallingContext which is implemented by all referencing marshallers.</li>
<li>Added interface c.t.x.io.naming.NameCoder and implementations.</li>
<li>Deprecated c.t.x.io.xml.XmlFriendlyReplacer, c.t.x.io.xml.XmlFriendlyReader and
c.t.x.io.xml.XmlFriendlyWriter.</li>
<li>Deprecated c.t.x.io.xml.AbstractXmlDriver, c.t.x.io.xml.AbstractXmlReader and c.t.x.io.xml.AbstractXmlWriter,
added c.t.x.io.AbstractDriver, c.t.x.io.AbstractReader and c.t.x.io.AbstractWriter instead.</li>
<li>Deprecated all constructors of Driver, Reader and Writer implementations that take a XmlFriendlyReplacer as
argument, added constructors taking a NameCoder instead.</li>
<li>Added interface com.thoughtworks.xstream.converters.ErrorReporter to allow other types to report also errors
(apart from a HierarchicalStreamReader). Any converter and the parent object of the currently deserialized element
may provide additional error information now.</li>
</ul>
<h1 id="1.3.1">1.3.1</h1>
<p>Released December 6, 2008.</p>
<p class="highlight">CGLIB support must be explicitly activated now. The decision has been made due to possible
problems using an own classloader and because of ongoing complaints about occurring exceptions in the
CGLIBEnhancedConverter at XStream initialization although they are caused by incompatible ASM versions on the user's
classpath (JIRA:XSTR-469, JIRA:XSTR-513 and JIRA:XSTR-518).</p>
<p class="highlight">XStream uses some attributes on its own. Until now it was possible to use
XStream.aliasAttribute to define a different name. This does still work but is deprecated for system attributes. Use
the new call XStream.aliasSystemAttribute for such an alias.</p>
<h2>Major changes</h2>
<ul>
<li>JIRA:XSTR-515: CGLIB support is no longer activated automatically and has to be <a
href="faq.html#Serialization_CGLIB">explicitly turned on</a>.
</li>
<li>JIRA:XSTR-448: Separated system attributes and user defined attributes for aliases.</li>
<li>JIRA:XSTR-55: Ability to alias a package name.</li>
<li>JIRA:XSTR-434: New JsonWriter instead of JsonHierarchicalStreamWriter with mode to strip root node of
generated JSON (by Paul Hammant).</li>
<li>Support for Diablo JDK on FreeBSD (by Reto Bachmann-Gmür).</li>
<li>JIRA:XSTR-495: New PersistenceStrategy instead of StreamStrategy (based on the code and comments by Alexander
Radzin).</li>
</ul>
<h2>Minor changes</h2>
<ul>
<li>Support special Jettison functionality for JSON to detect collections or arrays with one element introduced
with Jettison 1.0.</li>
<li>JIRA:XSTR-493: Using attributes for fields with XML-unfriendly names results in NPE at deserialization.</li>
<li>JIRA:XSTR-497: Unsafe operation with WeakHashMap can raise a NPE in Sun14ReflectionProvider.</li>
<li>JIRA:XSTR-423: Support of CGLIB enhanced proxies with multiple callbacks if the proxy uses a factory (CGLIB
default).</li>
<li>JIRA:XSTR-536: XStream silently ignores unknown elements.</li>
<li>JIRA:XSTR-503: Omitted properties in JavaBeans are requested at serialization (by Kevin Conaway).</li>
<li>Fix possible memory leak in ObjectIdMap for JVMs that provide real distinct identity hash codes (happened on
amd64 system).</li>
<li>JIRA:XSTR-480: Aliasing of array types.</li>
<li>JIRA:XSTR-515: The SubjectConverter and DurationConverter are only registered if the converted class is part
of the JDK, otherwise they must be registered now explicitly.</li>
<li>JIRA:XSTR-504: XmlHeaderAwareReader fails with improper sized PushbackInputStream.</li>
<li>JIRA:XSTR-489: @XStreamConverter supports now also SingleValueConverter implementations.</li>
<li>JIRA:XSTR-481: @XStreamConverter and @XStreamAsAttribute can be used together (as a result of JIRA:XSTR-489).</li>
<li>JIRA:XSTR-519: New annotation @XStreamInclude to force annotation detection of included types (by Seven
Sparling).</li>
<li>JIRA:XSTR-469: Support custom converters for enum types.</li>
<li>JIRA:XSTR-502: ClassNotFoundException even if writeReplace returns proper object.</li>
<li>JIRA:XSTR-529: NullPointerException for null elements in implicit lists.</li>
<li>JIRA:XSTR-517: Miscellaneous performance improvements (by Tatu Saloranta).</li>
<li>JIRA:XSTR-525: JsonHierarchicalStreamDriver writes invalid JSON in case of system attribute.</li>
<li>JIRA:XSTR-535: Mode to allow plain values as result for JSON without root node.</li>
<li>JIRA:XSTR-531: Possibility to omit system attributes.</li>
<li>JIRA:XSTR-508: Fix marshalling error for nested serializable objects with own writeReplace/readResolve
methods.</li>
<li>JIRA:XSTR-507: Advanced ReferenceByIdMarshaller uses id of the current object if available.</li>
<li>JIRA:XSTR-485: Check reference for valid object when deserializing.</li>
<li>Fix classloader problem, Xpp3 parser cannot be loaded within a web application.</li>
<li>Dependencies have been updated to latest versions of JDOM, Jettison, Joda Time, and Woodstox. Note for Maven
builds that the <em>groupId</em> of JDOM has changed.
</li>
<li>Fix possible IndexOutOfBoundsException creating returning the message for a ConversionException.</li>
<li>JIRA:XSTR-495: StreamStrategy cannot handle key with value <em>null</em>.
</li>
</ul>
<h2>API changes</h2>
<ul>
<li>Deprecated c.t.x.io.json.JsonHierarchicalStreamWriter in favour of c.t.x.io.json.JsonWriter.</li>
<li>c.t.x.mapper.EnumMapper no longer derives from the c.t.x.mapper.AttributeMapper as it has been before version
1.3. Therefore the new constructor has been deprecated in favour of the old one.</li>
<li>c.t.x.mapper.Mapper.getConverterFromAttribute(Class, String) has been deprecated in favour of
c.t.x.mapper.Mapper.getConverterFromAttribute(Class, String, Class) taking the type as third argument that should be
handled by the converter.</li>
<li>c.t.x.core.ReferenceByIdMarshaller.IdGenerator.next() has now the current object as argument.</li>
<li>New c.t.x.persistence.PersistenceStrategy and c.t.x.persistence.FilePersistenceStrategy.</li>
<li>Deprecated c.t.x.persistence.StreamStrategy and c.t.x.persistence.FileStreamStrategy.</li>
</ul>
<h1 id="1.3">1.3</h1>
<p>Released February 27, 2008.</p>
<h2>Major changes</h2>
<ul>
<li>ReflectionConverter writes now the fields of the parent classes first.</li>
<li>Support for Converter definition at field level.</li>
<li>Refactoring of Annotation support, invent auto-detection mode.</li>
<li>Annotated converters are no longer detected automatically, all annotations are now handled in the same way.</li>
<li>JIRA:XSTR-334: XStream will deserialize directly from a file or URL. Some parser take advantage of these
objects to define a SystemId used to resolve further references in XML, schema or DTD. Appropriate createReader
methods have been added to c.t.x.io.HierarchicalStreamDriver.</li>
<li>JIRA:XSTR-261: All c.t.x.io.HierarchicalStreamDriver implementations respect now the encoding of an XML
header if read from an InputStream.</li>
<li>DomDriver does no longer use explicitly UTF-8 by default, DomReader will therefore respect the encoding
defined in the XML header or use native encoding</li>
<li>JIRA:XSTR-415: JavaBeanConverter uses now BeanIntrospection (by Hinse ter Schuur).</li>
<li>JIRA:XSTR-424: DateConverter uses now by default SimpleDateFormat instances in non-lenient mode.</li>
<li>JIRA:XSTR-386: SingleValueConverter that utilizes PropertyEditor implementations (by Jukka Lindström).</li>
<li>JIRA:XSTR-427: Converter for javax.xml.datatype.Duration (by John Kristian).</li>
<li>JIRA:XSTR-305: Field alias inheritance (by David Blevins).</li>
<li>XStream failed to initialize in environments without AWT or SQL classes.</li>
<li>JIRA:XSTR-420: XPath of references are not XmlFriendly encoded.</li>
<li>JIRA:XSTR-473: String "\0" serialized as invalid XML, support compliant behaviour according XML
version.</li>
<li>JIRA:XSTR-431: Direct support of enhanced mode for SAP JVM (thanks to Norbert Kuck by SAP).</li>
<li>JIRA:XSTR-437: Static cache in annotation processing causes failing OSGi bundles.</li>
<li>JIRA:XSTR-279+JIRA:XSTR-335: Annotations are not inherited from parent class.</li>
<li>Fix StringConverter using a WeakHashMap with strong references in its value.</li>
<li>JIRA:XSTR-403: Attributes are no longer written with JSONHierarchicalStreamDriver if current object is a
collection.</li>
<li>JIRA:XSTR-456: New LookAndFeelConverter handling LookAndFeel implementations with reflection.</li>
<li>JIRA:XSTR-462: CachingMapper keeps direct class references.</li>
<li>JIRA:XSTR-411: JsonHierarchicalStreamDriver does not escape characters according RFC 4627.</li>
<li>JsonHierarchicalStreamDriver writes wrong brackets around complex Java types with a single value.</li>
<li>JsonHierarchicalStreamDriver writes attribute names with a leading '@'.</li>
<li>JsonHierarchicalStreamDriver supports Map implementations.</li>
</ul>
<h2>Minor changes</h2>
<ul>
<li>Added converter for java.lang.StringBuilder instances.</li>
<li>Added converter for java.util.UUID instances.</li>
<li>JIRA:XSTR-430: Fields written as attributes could not be omitted.</li>
<li>JIRA:XSTR-407: Comparator might access uninitialized elements for TreeSet and TreeMap. A deserialized
Comparator is no longer called, the converters expect the elements now in a sorted order.</li>
<li>JIRA:XSTR-404, @XStreamImplicit() for ArrayList<ArrayList<Type>> throws ClassCastException.</li>
<li>@XStreamContainedType() for ArrayList<ArrayList<Type>> throws ClassCastException.</li>
<li>XStreamer did not persist a FieldKeySorter instance.</li>
<li>JIRA:XSTR-241: JavaBeanConverter now supports customized BeanProvider.</li>
<li>JIRA:XSTR-280: JavaBeanConverter now supports aliasField and omitField (by Hinse ter Schuur).</li>
<li>JIRA:XSTR-280: SerializationConverter now supports aliasField and omitField.</li>
<li>JIRA:XSTR-429: XmlFriendlyReplacer support for SaxWriter and TraxSource (by Adrian Wilkens).</li>
<li>JIRA:XSTR-421: Characters cannot be written as attribute.</li>
<li>JIRA:XSTR-426: java.swt.KeyStroke not properly serialized because of a character undefined in unicode.</li>
<li>JIRA:XSTR-352: Strings with arbitrary ISO control characters are not properly serialized.</li>
<li>JIRA:XSTR-428: An attribute named like a transient field did abort deserialization of following fields.</li>
<li>JIRA:XSTR-443: XStream.createObjectOutputStream does not use the given driver to create the
HierarchicalStreamWriter.</li>
<li>JIRA:XSTR-440: Implicit collections can be declared for fields that are not of Collection type.</li>
<li>JIRA:XSTR-446: Handle all primitives and their boxed counterpart for JsonHierarchicalStreamDriver.</li>
<li>JIRA:XSTR-447: Fix deserialization of Array class types in JDK 6 (see JDK bug 6500212).</li>
<li>JIRA:XSTR-450: @XStreamAlias is ignored if attributes should be used for the field type.</li>
<li>JIRA:XSTR-418: Inherited @XStreamAlias is ignored if field should be rendered as attribute.</li>
<li>JIRA:XSTR-393: Annotation processing is not consistent.</li>
<li>JIRA:XSTR-412: @XStreamImplicit throws NPE for untyped collections.</li>
<li>JIRA:XSTR-463: Cannot provide own default Mapper chain.</li>
<li>JIRA:XSTR-464: Cannot provide a ClassLoader that is used in all cases.</li>
<li>JIRA:XSTR-394: Allow enums as attributes.</li>
<li>JIRA:XSTR-413: Support @XStreamAsAttribute for enums.</li>
<li>JIRA:XSTR-478: Cannot specify default implementation for polymorphic enum.</li>
<li>JIRA:XSTR-419: Treat enums as immutable types.</li>
<li>Update annotation tutorial, explain limitations of auto-detection mode.</li>
<li>Added copyright notices to all files.</li>
<li>StaxWriter.flush did close Stax' XMLStreamWriter instead of flushing it.</li>
<li>JIRA:XSTR-471: XStream POMs do no longer declare a repository at all.</li>
<li>Calendar object could not be rendered with JSONHierarchicalStreamDriver.</li>
<li>JIRA:XSTR-476: Properties can be sorted by key.</li>
<li>XStream.createObjectInputStream and XStream.createObjectOutputStream overloaded to support a binary
InputStream or OutputStream.</li>
<li>JIRA:XSTR-470: Allow transient fields to be optionally deserialized.</li>
</ul>
<h2>API changes</h2>
<ul>
<li>c.t.x.annotation.Annotations, c.t.x.annotation.AnnotationReflectionConverter and
c.t.x.annotation.AnnotationProvider deprecated. Functionality is integrated in new c.t.x.mapper.AnnotationMapper and
accessible with new methods c.t.x.XStream.processAnnotations().</li>
<li>New auto-detection mode for annotations, that can be turned on with c.t.x.XStream.autodetectAnnotations()</li>
<li>c.t.x.annotation.@XStreamContainedType deprecated, the behaviour is now always active and the annotation
therefore superfluous.</li>
<li>Due to JIRA:XSTR-421 null characters are no longer written as tag with an attribute (<char
null="true"/>), but as empty tag. The old representation is still supported at deserialization.</li>
<li>Characters that are not defined in unicode or ISO control characters (expect TAB and LF) are written as
numerical entity now.</li>
<li>XPath references are now also XML-friendly encoded to match the path exactly. Unencoded references will
normally work anyway, but in special cases the exact behaviour of XStream 1.2.x might be necessary. See acceptance
tests for XStream 1.2.x compatibility.</li>
<li>c.t.x.core.BaseException deprecated in favour of c.t.x.XStreamException as base exception for all exceptions
XStream throws.</li>
<li>c.t.x.XStream.InitializerException deprecated in favour of c.t.x.InitializerException.</li>
<li>New methods get() and keys() in interface c.t.x.converter.ErrorWriter.</li>
<li>c.t.x.mapper.XmlFriendlyMapper deprecated, technology is replaced since version 1.2 by
c.t.x.io.xml.XmlFriendlyReplacer as part of the different XmlWriter implementations.</li>
<li>c.t.x.mapper.Mapper.aliasForAttribute() and c.t.x.mapper.Mapper.attributeForAlias() deprecated, since it
provided in reality the combined functionality of c.t.x.mapper.Mapper.serializedMember()/realMember() and
c.t.x.mapper.Mapper.getConverterFromItemType().</li>