flexible XML framework for Java

dom, dom4j, java, xml, xml-document


Maven Central codecov.io Build Status Javadocs


dom4j is an open source framework for processing XML which is integrated with XPath and fully supports DOM, SAX, JAXP and the Java platform such as Java 2 Collections.


Version 2.0.3 and 2.1.3 released

(Version 2.1.2 has been skipped.)


  • Added new factory method org.dom4j.io.SAXReader.createDefault(). It hase more secure defaults than new SAXReader(), which uses system XMLReaderFactory.createXMLReader() or SAXParserFactory.newInstance().newSAXParser(). SAXReader.createDefault() disable parsing of external entities in the SAX parser.

Version 2.1.1 released

Bug fix release.

Potential breaking changes

  • If you use some optional dependency of dom4j (for example Jaxen, xsdlib etc.), you need to specify an explicit dependency on it in your project. They are no longer marked as a mandatory transitive dependency by dom4j.

Fixed issues

  • #28 Possible vulnerability of DocumentHelper.parseText() to XML injection (reported by @s0m30ne)
  • #34 CVS directories left in the source tree (reported by @ebourg)
  • #38 XMLWriter does not escape supplementary unicode characters correctly (reported by @abenkovskii)
  • #39 writer.writeOpen(x) doesn't write namespaces (reported by @borissmidt)
  • #40 concurrency problem with QNameCache (@jbennett2091)
  • #43 and #46 all dependencies are optional (reported by @Zardoz89 and @vmassol)
  • #44 SAXReader: hardcoded namespace features (reported by @philippeu)
  • #48 validate QNames (reported by @mario-areias)