Bug fix release.
Potential breaking changes
- If you use some optional dependency of dom4j (for example Jaxen, xsdlib etc.), you need to specify an explicit dependency on it in your project. They are no longer marked as a mandatory transitive dependency by dom4j.
- Following SAX parser features are disabled by default in
DocumentHelper.parse()for security reasons (they were enabled in previous versions):
- #28 Possible vulnerability of
DocumentHelper.parseText()to XML injection (reported by @s0m30ne)
- #34 CVS directories left in the source tree (reported by @ebourg)
- #38 XMLWriter does not escape supplementary unicode characters correctly (reported by @abenkovskii)
- #39 writer.writeOpen(x) doesn't write namespaces (reported by @borissmidt)
- #40 concurrency problem with
- #43 and #46 all dependencies are optional (reported by @Zardoz89 and @vmassol)
- #44 SAXReader: hardcoded namespace features (reported by @philippeu)
- #48 validate
QNames (reported by @mario-areias)