Bump org.eclipse.rdf4j:rdf4j-bom from 5.3.1 to 5.3.2 in /rdf4j #2661

Merged: acoburn merged 1 commit into 1.3 from dependabot/maven/rdf4j/1.3/org.eclipse.rdf4j-rdf4j-bom-5.3.2 on Jul 1, 2026

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Bumps org.eclipse.rdf4j:rdf4j-bom from 5.3.1 to 5.3.2.

Release notes

Sourced from org.eclipse.rdf4j:rdf4j-bom's releases.

RDF4J 5.3.2 is now available. This is a patch release fixing 2 issues, including a security fix for XML parsing.

The security fix is a follow-up to CVE-2018-1000644. Several XML parser entry points were not covered by the earlier fix and could still allow XML External Entity (XXE) style processing in some configurations. RDF4J 5.3.2 hardens these paths so DOCTYPE declarations, external entities, and external DTD loading are rejected or disabled by default.

We recommend that users who parse untrusted XML-based RDF4J data or query results upgrade to this release.

For more details, have a look at the release notes.


@acoburn acoburn enabled auto-merge (squash) July 1, 2026 11:45
@dependabot dependabot Bot force-pushed the dependabot/maven/rdf4j/1.3/org.eclipse.rdf4j-rdf4j-bom-5.3.2 branch from f9464b7 to d0bfd32 Compare July 1, 2026 11:46
Bumps [org.eclipse.rdf4j:rdf4j-bom](https://github.com/eclipse/rdf4j) from 5.3.1 to 5.3.2.
- [Release notes](https://github.com/eclipse/rdf4j/releases)
- [Commits](eclipse-rdf4j/rdf4j@5.3.1...5.3.2)

---
updated-dependencies:
- dependency-name: org.eclipse.rdf4j:rdf4j-bom
  dependency-version: 5.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/maven/rdf4j/1.3/org.eclipse.rdf4j-rdf4j-bom-5.3.2 branch from d0bfd32 to 1aa714d Compare July 1, 2026 11:53
@acoburn acoburn merged commit 611dd73 into 1.3 Jul 1, 2026
7 checks passed
@acoburn acoburn deleted the dependabot/maven/rdf4j/1.3/org.eclipse.rdf4j-rdf4j-bom-5.3.2 branch July 1, 2026 12:00