dom4j is an open source framework for processing XML which is integrated with XPath and fully supports DOM, SAX, JAXP and the Java platform such as Java 2 Collections.
See https://github.com/dom4j/dom4j/releases/tag/version-2.1.4
(Version 2.1.2 has been skipped.)
- Added new factory method org.dom4j.io.SAXReader.createDefault(). It has more secure defaults than new SAXReader(), which uses the system XMLReaderFactory.createXMLReader() or SAXParserFactory.newInstance().newSAXParser(). SAXReader.createDefault() disables parsing of external entities in the SAX parser.
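
A check for the behaviour described above, as an added example that is not code from the dom4j project: it parses a constructed document whose external entity points at a temporary file the check creates itself, and reports what each reader does with it. The class name, the marker string and the manuallyHardened() helper (which sets the two standard SAX2 external-entity features on a plain reader) are assumptions of this example; it needs a dom4j release that includes SAXReader.createDefault() on the classpath.

```java
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import org.dom4j.DocumentException;
import org.dom4j.io.SAXReader;
import org.xml.sax.SAXException;

public class SaxReaderDefaultsCheck {
    // Constructed marker; it must never appear in a document parsed by a hardened reader.
    static final String MARKER = "EXTERNAL-ENTITY-WAS-RESOLVED";

    // Assumption: hardening for code that must keep new SAXReader(); standard SAX2 feature URIs.
    static SAXReader manuallyHardened() throws SAXException {
        SAXReader reader = new SAXReader();
        reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
        reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        return reader;
    }

    // Parses xml and reports whether the external entity's content reached the document.
    static String outcome(SAXReader reader, String xml) {
        try {
            String text = reader.read(new StringReader(xml)).getRootElement().getText();
            return text.contains(MARKER) ? "external entity resolved" : "external entity not resolved";
        } catch (DocumentException e) {
            return "document rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Harmless file created by this check; it stands in for any external resource.
        Path probe = Files.createTempFile("dom4j-probe", ".txt");
        Files.write(probe, MARKER.getBytes(StandardCharsets.UTF_8));
        try {
            String xml = "<!DOCTYPE root [ <!ENTITY ext SYSTEM \"" + probe.toUri() + "\"> ]>"
                    + "<root>&ext;</root>";
            String secure = outcome(SAXReader.createDefault(), xml);
            System.out.println("new SAXReader():           " + outcome(new SAXReader(), xml));
            System.out.println("manuallyHardened():        " + outcome(manuallyHardened(), xml));
            System.out.println("SAXReader.createDefault(): " + secure);
            if (secure.equals("external entity resolved")) {
                throw new IllegalStateException("createDefault() resolved an external entity");
            }
        } finally {
            Files.deleteIfExists(probe);
        }
    }
}
```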
Bug fix release.
- If you use some optional dependency of dom4j (for example Jaxen, xsdlib etc.), you need to specify an explicit dependency on it in your project. They are no longer marked as a mandatory transitive dependency by dom4j.
- #28 Possible vulnerability of DocumentHelper.parseText() to XML injection (reported by @s0m30ne)
- #34 CVS directories left in the source tree (reported by @ebourg)
- #38 XMLWriter does not escape supplementary unicode characters correctly (reported by @abenkovskii)
- #39 writer.writeOpen(x) doesn't write namespaces (reported by @borissmidt)
- #40 concurrency problem with QNameCache (@jbennett2091)
- #43 and #46 all dependencies are optional (reported by @Zardoz89 and @vmassol)
- #44 SAXReader: hardcoded namespace features (reported by @philippeu)
- #48 validate QNames (reported by @mario-areias)