XStream upgrade to 1.4.17

h3. Problem

XStream is vulnerable to security exploits including [CVE-2021-29505|http://x-stream.github.io/CVE-2021-29505.html]. This ticket tracks it’s upgrade to 1.4.17 
{panel:title=Atlassian Update - July 2021|borderStyle=solid|borderColor=#6554c0|titleBGColor=#6554c0|bgColor=#eae6ff}
We have upgraded XStream to 1.4.17.  If your plugin bundles your own version of XStream you will also need to upgrade to this version or later. This is because XStream 1.4.16 provides a newer implementation of {{XmlPullParser}} through service loader. XStream’s default parser has changed from {{Xpp3}} to {{MXParser}}, which is a fork of {{Xpp3}}.  You can read more about the changes in the [XStream change log|https://x-stream.github.io/changes.html].

When upgrading XStream in our own plugins, we found that it remained compatible with older Confluence versions, as there’s a dependency of {{xpp3_min}} which helps the plugin to work with older {{XmlPullParser}} implementations mentioned in service loader in older Confluence versions.
{panel}
h3. Environment

Confluence v7.4
h3. Workaround

There are no workaround available for this up til now.