version-2.1.1
FilipJirsak
released this
01 Jul 15:21
·
44 commits
to master
since this release
Bug fix release.
Potential breaking changes
- If you use some optional dependency of dom4j (for example Jaxen, xsdlib etc.), you need to specify an explicit dependency on it in your project. They are no longer marked as a mandatory transitive dependency by dom4j.
- Following SAX parser features are disabled by default in
DocumentHelper.parse()
for security reasons (they were enabled in previous versions):http://xml.org/sax/properties/external-general-entities
http://xml.org/sax/properties/external-parameter-entities
Fixed issues
- #28 Possible vulnerability of
DocumentHelper.parseText()
to XML injection (reported by @s0m30ne) - #34 CVS directories left in the source tree (reported by @ebourg)
- #38 XMLWriter does not escape supplementary unicode characters correctly (reported by @abenkovskii)
- #39 writer.writeOpen(x) doesn't write namespaces (reported by @borissmidt)
- #40 concurrency problem with
QNameCache
(@jbennett2091) - #43 and #46 all dependencies are optional (reported by @Zardoz89 and @vmassol)
- #44 SAXReader: hardcoded namespace features (reported by @philippeu)
- #48 validate
QName
s (reported by @mario-areias)