About XStream
XStream is a simple library to serialize objects to XML and back again.
Features
- Ease of use. A high level facade is supplied that simplifies common use cases.
- No mappings required. Most objects can be serialized without need for specifying mappings.
- Performance. Speed and low memory footprint are a crucial part of the design, making it suitable for large object graphs or systems with high message throughput.
- Clean XML. No information is duplicated that can be obtained via reflection. This results in XML that is easier to read for humans and more compact than native Java serialization.
- Requires no modifications to objects. Serializes internal fields, including private and final. Supports non-public and inner classes. Classes are not required to have default constructor.
- Full object graph support. Duplicate references encountered in the object-model will be maintained. Supports circular references.
- Integrates with other XML APIs. By implementing an interface, XStream can serialize directly to/from any tree structure (not just XML).
- Customizable conversion strategies. Strategies can be registered allowing customization of how particular types are represented as XML.
- Security framework. Fine-control about the unmarshalled types to prevent security issues with manipulated input.
- Error messages. When an exception occurs due to malformed XML, detailed diagnostics are provided to help isolate and fix the problem.
- Alternative output format. The modular design allows other output formats. XStream ships currently with JSON support and morphing.
Typical Uses
- Transport
- Persistence
- Configuration
- Unit Tests
Known Limitations
If using the enhanced mode, XStream can re-instantiate classes that do not have a default constructor. However, if using a different JVM like an old JRockit version, a JDK 1.4 or you have restrictions because of a SecurityManager, a default constructor is required.
The enhanced mode is also necessary to restore final fields for any JDK < 1.5. This implies deserialization of instances of an inner class.
Auto-detection of annotations may cause race conditions. Preprocessing annotations is safe though.
Getting Started
Latest News
December 24, 2022 XStream 1.4.20 released
This maintenance release addresses the security vulnerabilities CVE-2022-40151 and CVE-2022-41966, causing a Denial of Service by raising a stack overflow. It also provides new converters for Optional and Atomic types.
View the complete change log and download.
Note, the next major release 1.5 will require Java 11.