https://bugzilla.redhat.com/show_bug.cgi?id=1942554
Chess Hazlett chazlett@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Flags| |needinfo?(pjindal@redhat.co | |m)
--- Comment #5 from Chess Hazlett chazlett@redhat.com --- @Param from digging through kie backend, it looks like they've implemented their own allowlist-ish system; also the optaplanner component uses the xstream-provided allowlist for that older version (based on those 2, I'd say affected not vulnerable). Can you see any other distinct instances of xstream in RHxM that may or may not have mitigations in place already?