dom4j is an open source framework for processing XML which is integrated with XPath and fully supports DOM, SAX, JAXP and the Java platform such as Java 2 Collections.
Version 2.0.3 and 2.1.3 released
(Version 2.1.2 has been skipped.)
- Added new factory method
org.dom4j.io.SAXReader.createDefault(). It hase more secure defaults than
new SAXReader(), which uses system
SAXReader.createDefault()disable parsing of external entities in the SAX parser.
Version 2.1.1 released
Bug fix release.
Potential breaking changes
- If you use some optional dependency of dom4j (for example Jaxen, xsdlib etc.), you need to specify an explicit dependency on it in your project. They are no longer marked as a mandatory transitive dependency by dom4j.
- #28 Possible vulnerability of
DocumentHelper.parseText()to XML injection (reported by @s0m30ne)
- #34 CVS directories left in the source tree (reported by @ebourg)
- #38 XMLWriter does not escape supplementary unicode characters correctly (reported by @abenkovskii)
- #39 writer.writeOpen(x) doesn't write namespaces (reported by @borissmidt)
- #40 concurrency problem with
- #43 and #46 all dependencies are optional (reported by @Zardoz89 and @vmassol)
- #44 SAXReader: hardcoded namespace features (reported by @philippeu)
- #48 validate
QNames (reported by @mario-areias)