These are all security issues fixed in the xstream-1.4.21-1.1 package on the GA media of openSUSE Tumbleweed.
{ "binaries": [ { "xstream-parent": "1.4.21-1.1", "xstream": "1.4.21-1.1", "xstream-javadoc": "1.4.21-1.1", "xstream-benchmark": "1.4.21-1.1" } ] }