Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-20913

Bamboo server log throws Security framework of XStream not initialized, XStream is probably vulnerable.

    XMLWordPrintable

Details

    • Suggestion
    • Resolution: Fixed
    • 7.2.0
    • Dependencies
    • None
    • 3

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      Problem Definition

      Bamboo server log throws "Security framework of XStream not initialized, XStream is probably vulnerable" message.

      Suggested Solution

      Set the permissions for the XStream library when it is initialized and do not rely on the defaults. An explicit call to addPermission() would no longer log the warning.

      Workaround

      There is no workaround.

      Attachments

        Issue Links

          was cloned as

          Suggestion - JRASERVER-71181 Jira server log throws Security framework of XStream not initialized, XStream is probably vulnerable.

          • Gathering Interest

          Activity

            People

              mgardias Marcin Gardias
              jinbasekaran Jeyanthan I (Inactive)
              Votes:
              11 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: