Bump com.thoughtworks.xstream:xstream from 1.4.20 to 1.4.21 to fix CV…

…E-2024-47072 (#5280) * build(deps): bump com.thoughtworks.xstream:xstream from 1.4.20 to 1.4.21 * build(deps): bump com.thoughtworks.xstream:xstream from 1.4.20 to 1.4.21
apolloconfig · Nov 18, 2024 · cdbb8f7 · cdbb8f7
1 parent a90fb6b
commit cdbb8f7
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/CHANGES.md b/CHANGES.md
@@ -20,6 +20,7 @@ Apollo 2.4.0
 * [Refactor: align database ClusterName and NamespaceName fields lengths](https://github.com/apolloconfig/apollo/pull/5263)
 * [Feature: Added the value length limit function for AppId-level configuration items](https://github.com/apolloconfig/apollo/pull/5264)
 * [Fix: ensure clusters order in envClusters open api](https://github.com/apolloconfig/apollo/pull/5277)
+* [Fix: bump xstream from 1.4.20 to 1.4.21 to fix CVE-2024-47072](https://github.com/apolloconfig/apollo/pull/5280)
 
 ------------------
 All issues and pull requests are [here](https://github.com/apolloconfig/apollo/milestone/15?closed=1)
diff --git a/pom.xml b/pom.xml
@@ -200,11 +200,11 @@
 				<artifactId>commons-lang3</artifactId>
 				<version>${common-lang3.version}</version>
 			</dependency>
-			<!-- to fix CVE-2022-41966 -->
+			<!-- to fix CVE-2024-47072 -->
 			<dependency>
 				<groupId>com.thoughtworks.xstream</groupId>
 				<artifactId>xstream</artifactId>
-				<version>1.4.20</version>
+				<version>1.4.21</version>
 			</dependency>
 			<!--for test -->
 			<dependency>