Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-71181

Jira server log throws Security framework of XStream not initialized, XStream is probably vulnerable.

XMLWordPrintable

    • 3
    • 9
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Problem Definition

      Jira server log throws "Security framework of XStream not initialized, XStream is probably vulnerable" message.

      Suggested Solution

      Set the permissions for the XStream library when it is initialized and do not rely on the defaults. An explicit call to addPermission() would no longer log the warning.

      Workaround

      There is no workaround.

              Unassigned Unassigned
              rbaldasso Rodrigo Baldasso
              Votes:
              48 Vote for this issue
              Watchers:
              39 Start watching this issue

                Created:
                Updated: