Maven · repo1.maven.org

org.wso2.identity.apps:org.wso2.identity.apps.taglibs.layout.controller

Java Unsafe Deserialize: ObjectInputStream / XStream.fromXML — untrusted deserialization sink.

Why PkgRadar flagged 5.2.2

Severity	Signal	Evidence
medium	Java Unsafe Deserialize	ObjectInputStream / XStream.fromXML — untrusted deserialization sink. · org/wso2/identity/apps/taglibs/layout/controller/core/LocalTemplateEngine.java

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`5.2.2`	Review	10	2026-06-11
`5.2.0`	Review	10	2026-06-10
`5.1.3`	Review	10	2026-05-29

Block this in CI

PkgRadar gates org.wso2.identity.apps:org.wso2.identity.apps.taglibs.layout.controller (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem maven org.wso2.identity.apps:[email protected]

Start free — 25 scans / mo View full evidence