Configure XStream security and resolve itest bundles (#8663)

* Configures XStream security to prevent "Security framework of XStream not initialized, XStream is probably vulnerable" warnings.
* Resolves the itest bundles for the upgrade to XStream 1.4.13

Related to openhab/openhab-core#1688

Signed-off-by: Wouter Born <github@maindrain.net>

bundles/org.openhab.binding.lutron/src/main/java/org/openhab/binding/lutron/internal/xml/DbXmlInfoReader.java

@@ -49,15 +49,21 @@ public class DbXmlInfoReader {
 
         xstream = new XStream(driver);
 
+        configureSecurity(xstream);
         setClassLoader(Project.class.getClassLoader());
-        registerAliases(this.xstream);
+        registerAliases(xstream);
     }
 
-    public void setClassLoader(ClassLoader classLoader) {
+    private void configureSecurity(XStream xstream) {
+        XStream.setupDefaultSecurity(xstream);
+        xstream.allowTypesByWildcard(new String[] { Project.class.getPackageName() + ".**" });
+    }
+
+    private void setClassLoader(ClassLoader classLoader) {
         xstream.setClassLoader(classLoader);
     }
 
-    public void registerAliases(XStream xstream) {
+    private void registerAliases(XStream xstream) {
         xstream.alias("Project", Project.class);
         xstream.aliasField("AppVer", Project.class, "appVersion");
         xstream.aliasField("XMLVer", Project.class, "xmlVersion");