xstream/src/java/com/thoughtworks/xstream/mapper/LambdaMapper.java | 10 9 + 1 - 0 !
1 file changed, 9 insertions(+), 1 deletion(-)

 replaces the call to method.isdefault() by a reflexive call to
 compile with Java 7

xstream/src/java/com/thoughtworks/xstream/io/xml/BEAStaxDriver.java | 14 0 + 14 - 0 !
1 file changed, 14 deletions(-)

 removes the dependency on the com.bea.xml.stream package (not
 needed, allows us to drop the StAX dependency)

xstream-jmh/src/java/com/thoughtworks/xstream/benchmark/jmh/ConverterTypeBenchmark.java | 288 0 + 288 - 0 !
xstream-jmh/src/java/com/thoughtworks/xstream/benchmark/jmh/ParserBenchmark.java | 387 0 + 387 - 0 !
xstream-jmh/src/java/com/thoughtworks/xstream/benchmark/jmh/StringConverterBenchmark.java | 334 0 + 334 - 0 !
xstream/src/java/com/thoughtworks/xstream/io/xml/MXParserDomDriver.java | 53 0 + 53 - 0 !
xstream/src/java/com/thoughtworks/xstream/io/xml/MXParserDriver.java | 55 0 + 55 - 0 !
xstream/src/test/com/thoughtworks/acceptance/MultipleObjectsInOneStreamTest.java | 397 0 + 397 - 0 !
xstream/src/test/com/thoughtworks/xstream/io/DriverEndToEndTestSuite.java | 187 0 + 187 - 0 !
xstream/src/test/com/thoughtworks/xstream/io/binary/BinaryStreamTest.java | 92 0 + 92 - 0 !
xstream/src/test/com/thoughtworks/xstream/io/copy/HierarchicalStreamCopierTest.java | 74 0 + 74 - 0 !
xstream/src/test/com/thoughtworks/xstream/io/xml/MXParserReaderTest.java | 41 0 + 41 - 0 !
10 files changed, 1908 deletions(-)

 no mxparser

xstream/src/java/com/thoughtworks/xstream/io/binary/BinaryStreamReader.java | 18 12 + 6 - 0 !
1 file changed, 12 insertions(+), 6 deletions(-)

 cve-2024-47072

This vulnerability may allow a remote attacker to terminate the application
with a stack overflow error resulting in a denial of service only
by manipulating the processed input stream when XStream is configured
to use the BinaryStreamDrive