Configure XStream


We are constantly getting the following message in our logs:
Security framework of XStream not initialized, XStream is probably vulnerable

I think I have a good idea on how to get rid of this message, but how do I get hold of the instance of XStream that is used to serialize objects in Axon?
We’re using Spring, so I have naively tried to autowire XStream in our application config, but no bean of that type is available for injection…

Best regards,

In class XStreamSerializer:

private Builder() {
    xStream(new XStream(new CompactDriver()));

Then autowire the XStreamSerializer, and call getXStream()..

Thanks Cristophe,

Ended up with the below. Obviously the same object of XStreamSerializer is available as two beans; “messageSerializer” and “eventSerializer”.



private XStreamSerializer messageSerializer;


private void initXStream() {