diff --git a/webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en/VulnerableComponents_content5.adoc b/webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en/VulnerableComponents_content5.adoc
index 13e725f8f..cf3a633da 100644
--- a/webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en/VulnerableComponents_content5.adoc
+++ b/webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en/VulnerableComponents_content5.adoc
@@ -8,7 +8,7 @@ Ref: http://www.pcworld.com/article/3004633/business-security/thousands-of-java-
 
 === Dinis Cruz and Alvaro Munoz exploit of XStream
 XStream, a relatively common XML and JSON parsing library, has a nasty little remote code execution. +
-Ref: http://blog.diniscruz.com/2013/12/xstream-remote-code-execution-exploit.html[Dinis Cruz Blog] +
+Ref: https://web.archive.org/web/20190718132219/http://blog.diniscruz.com/2013/12/xstream-remote-code-execution-exploit.html[Dinis Cruz Blog] +
 https://github.com/pwntester/XStreamPOC[pwntester/XStreamPOC]  
 
 You may want to read the article(s) before trying this lesson.  Let's see if you can figure out how to exploit this in WebGoat.