Releases: dom4j/dom4j
Releases · dom4j/dom4j
version-2.1.4
What's Changed
- updated pull-parser version by @jayknoxqu in #129
- Reuse the writeAttribute method in writeAttributes. by @Ekryd in #134
- support build on OS with non-UTF8 as default charset by @qxo in #96
- Gradle: add an automatic module name (fixes #67) by @carlosame in #84
- Use Correct License Name "Plexus" by @tisoft in #98
New Contributors
- @jayknoxqu made their first contribution in #129
- @Ekryd made their first contribution in #134
- @qxo made their first contribution in #96
- @carlosame made their first contribution in #84
- @tisoft made their first contribution in #98
Full Changelog: version-2.1.3...version-2.1.4
version-2.1.3
Improvements
- Added new factory method
org.dom4j.io.SAXReader.createDefault()
. It hase more secure defaults thannew SAXReader()
, which uses system
XMLReaderFactory.createXMLReader()
orSAXParserFactory.newInstance().newSAXParser()
.SAXReader.createDefault()
disable parsing of external entities
in the SAX parser.
version-2.0.3
Branch 2.0.x for Java 1.5 aligned with branch 2.1.x.
Improvements
- Added new factory method
org.dom4j.io.SAXReader.createDefault()
. It hase more secure defaults thannew SAXReader()
, which uses systemXMLReaderFactory.createXMLReader()
orSAXParserFactory.newInstance().newSAXParser()
.SAXReader.createDefault()
disable parsing of external entities in the SAX parser.
version-2.1.1
Bug fix release.
Potential breaking changes
- If you use some optional dependency of dom4j (for example Jaxen, xsdlib etc.), you need to specify an explicit dependency on it in your project. They are no longer marked as a mandatory transitive dependency by dom4j.
- Following SAX parser features are disabled by default in
DocumentHelper.parse()
for security reasons (they were enabled in previous versions):http://xml.org/sax/properties/external-general-entities
http://xml.org/sax/properties/external-parameter-entities
Fixed issues
- #28 Possible vulnerability of
DocumentHelper.parseText()
to XML injection (reported by @s0m30ne) - #34 CVS directories left in the source tree (reported by @ebourg)
- #38 XMLWriter does not escape supplementary unicode characters correctly (reported by @abenkovskii)
- #39 writer.writeOpen(x) doesn't write namespaces (reported by @borissmidt)
- #40 concurrency problem with
QNameCache
(@jbennett2091) - #43 and #46 all dependencies are optional (reported by @Zardoz89 and @vmassol)
- #44 SAXReader: hardcoded namespace features (reported by @philippeu)
- #48 validate
QName
s (reported by @mario-areias)
dom4j-2.1.0
Minimum supported version of Java for this branch upgraded to Java 8. Added support for build with Java 9.
dom4j-2.0.2
This release contain only bug-fixes:
- StringIndexOutOfBoundsException in XMLWriter.writeElementContent() (#26)
- TreeNode has grown some generics
dom4j-2.0.1
dom4j-2.0.0
- compatibility with W3C DOM Level 3 → compatible with Java 5+
- use Java generics
dom4j-2.0.0-RC1
- sources can be build with JDK 1.5 or newer (implements W3C DOM Level 3)
- all classes and interfaces are generified
dom4j-1.6.1
Released on May 20, 2005.