version-2.1.4

What's Changed

• updated pull-parser version by @jayknoxqu in #129
• Reuse the writeAttribute method in writeAttributes. by @Ekryd in #134
• support build on OS with non-UTF8 as default charset by @qxo in #96
• Gradle: add an automatic module name (fixes #67) by @carlosame in #84
• Use Correct License Name "Plexus" by @tisoft in #98

New Contributors

• @jayknoxqu made their first contribution in #129
• @Ekryd made their first contribution in #134
• @qxo made their first contribution in #96
• @carlosame made their first contribution in #84
• @tisoft made their first contribution in #98

Full Changelog: version-2.1.3...version-2.1.4

version-2.1.3

Improvements

• Added new factory method org.dom4j.io.SAXReader.createDefault(). It hase more secure defaults than new SAXReader(), which uses system
  XMLReaderFactory.createXMLReader() or SAXParserFactory.newInstance().newSAXParser(). SAXReader.createDefault() disable parsing of external entities
  in the SAX parser.

version-2.0.3

Branch 2.0.x for Java 1.5 aligned with branch 2.1.x.

Improvements

• Added new factory method org.dom4j.io.SAXReader.createDefault(). It hase more secure defaults than new SAXReader(), which uses system XMLReaderFactory.createXMLReader() or SAXParserFactory.newInstance().newSAXParser(). SAXReader.createDefault() disable parsing of external entities in the SAX parser.

version-2.1.1

Bug fix release.

Potential breaking changes

• If you use some optional dependency of dom4j (for example Jaxen, xsdlib etc.), you need to specify an explicit dependency on it in your project. They are no longer marked as a mandatory transitive dependency by dom4j.
• Following SAX parser features are disabled by default in DocumentHelper.parse() for security reasons (they were enabled in previous versions):
  • http://xml.org/sax/properties/external-general-entities
  • http://xml.org/sax/properties/external-parameter-entities

Fixed issues

• #28 Possible vulnerability of DocumentHelper.parseText() to XML injection (reported by @s0m30ne)
• #34 CVS directories left in the source tree (reported by @ebourg)
• #38 XMLWriter does not escape supplementary unicode characters correctly (reported by @abenkovskii)
• #39 writer.writeOpen(x) doesn't write namespaces (reported by @borissmidt)
• #40 concurrency problem with QNameCache (@jbennett2091)
• #43 and #46 all dependencies are optional (reported by @Zardoz89 and @vmassol)
• #44 SAXReader: hardcoded namespace features (reported by @philippeu)
• #48 validate QNames (reported by @mario-areias)

dom4j-2.1.0

Minimum supported version of Java for this branch upgraded to Java 8. Added support for build with Java 9.

dom4j-2.0.2

This release contain only bug-fixes:

• StringIndexOutOfBoundsException in XMLWriter.writeElementContent() (#26)
• TreeNode has grown some generics

dom4j-2.0.1

This release contain only bug-fixes:

• QName serialization fix (#17)
• DocumentException initialize with nested exception (#20)
• Accidentally occurring error in a multi-threaded test (#14)

dom4j-2.0.0

• compatibility with W3C DOM Level 3 → compatible with Java 5+
• use Java generics

dom4j-2.0.0-RC1

• sources can be build with JDK 1.5 or newer (implements W3C DOM Level 3)
• all classes and interfaces are generified

dom4j-1.6.1

Released on May 20, 2005.