2.0.5

@github-actions github-actions released this 01 Jun 23:11
· 22 commits to master since this release
Immutable release. Only release title and notes can be modified.

Version 2.0.5 converts still more recursive algorithms in the core parser to safer iterative forms. This enables Jaxen to handle even larger and more complex XPath expressions.

For the recursive code that remains, higher-level evaluation and parsing now catch stack overflow errors if they do occur, and wrap them inside a regular checked JaxenException so it won't bring down the entire program. This should be fairly robust and complete protection against DoS attacks on recursive code, even with arbitrary untrusted input. I don't know why I didn't think of this earlier. I probably just had an unquestioned rule in my head that you can't recover from errors, which isn't actually true in the case of stack overflow errors.
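The two defenses described in these notes, shown side by side as an added example (not Jaxen's own code): a recursive routine whose entry point converts `StackOverflowError` into a checked exception, and an iterative rewrite that never grows the stack. `StackGuardDemo`, `ExprException`, `depthRecursive`, `parse` and `depthIterative` are hypothetical names, and the nested-parenthesis input is constructed for the demonstration.

```java
// Added illustration; all class and method names here are hypothetical, not Jaxen API.
public class StackGuardDemo {

    /** Checked exception standing in for the library's regular checked exception. */
    static class ExprException extends Exception {
        ExprException(String message, Throwable cause) { super(message, cause); }
    }

    /** Recursive descent over nested parentheses: one stack frame per '('. */
    static int depthRecursive(String s, int pos) {
        if (pos >= s.length() || s.charAt(pos) != '(') return 0;
        return 1 + depthRecursive(s, pos + 1);
    }

    /** Entry point: an Error raised by deep recursion leaves as a checked exception. */
    static int parse(String expr) throws ExprException {
        try {
            return depthRecursive(expr, 0);
        } catch (StackOverflowError e) {
            // By the time control reaches this handler the deep frames have been
            // popped, so there is stack left to build and throw the wrapper.
            throw new ExprException("expression nested too deeply", e);
        }
    }

    /** Iterative equivalent: constant stack use regardless of nesting depth. */
    static int depthIterative(String s) {
        int depth = 0;
        while (depth < s.length() && s.charAt(depth) == '(') depth++;
        return depth;
    }

    public static void main(String[] args) {
        // Constructed input: five million opening parentheses.
        char[] buf = new char[5_000_000];
        java.util.Arrays.fill(buf, '(');
        String deep = new String(buf);
        try {
            System.out.println("recursive depth: " + parse(deep));
        } catch (ExprException e) {
            // Callers handle this like any other malformed-input failure.
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println("iterative depth: " + depthIterative(deep));
    }
}
```

The catch belongs at the outermost entry point rather than inside the recursion, so the handler runs only after the stack has unwound and callers that already handle the checked exception need no new code path.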

PRs

  • Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.6.2 to 3.9.0 by @dependabot[bot] in #426
  • Bump org.apache.maven.plugins:maven-assembly-plugin from 3.7.1 to 3.8.0 by @dependabot[bot] in #425
  • Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.10.1 to 3.12.0 by @dependabot[bot] in #422
  • Bump org.apache.maven.plugins:maven-resources-plugin from 3.3.1 to 3.5.0 by @dependabot[bot] in #423
  • Upgrade XOM to 1.4.2 and fix Java 8 ElementTraversal classpath breakage by @Copilot in #428
  • Resolve unresolved Maven site variables and enforce static HTML/CSS-only Pages output by @Copilot in #430
  • remove public modifier from interfaces by @hduelme in #172
  • don't fully qualify SAXPathException by @elharo in #439
  • Fix unterminated string literal handling and add regression tests at lexer and API levels by @Copilot in #433
  • avoid recursion by @elharo in #431
  • remove debugging code by @elharo in #446
  • deprecate simplify by @elharo in #445
  • Inline dead PatternParser.USE_HANDLER branch by @Copilot in #448
  • deprecate simplify by @elharo in #449
  • Suppress javac obsolete-options warnings for Java 1.5 target builds by @Copilot in #453
  • add 2.0.4 release notes by @elharo in #456
  • Fix XPath union precedence relative to additive expressions by @Copilot in #460
  • Remove recursion from union operations by @elharo in #455
  • Avoid recursion when processing and and or by @elharo in #461
  • Prevent parser stack overflow on deeply nested parenthesized filter expressions by @Copilot in #462
  • Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.7 to 3.2.8 by @dependabot[bot] in #468
  • Bump org.apache.maven.plugins:maven-jar-plugin from 3.3.0 to 3.5.0 by @dependabot[bot] in #469
  • Bump org.apache.maven.plugins:maven-surefire-report-plugin from 3.5.1 to 3.5.5 by @dependabot[bot] in #466
  • Bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.23.1 to 0.26.0 by @dependabot[bot] in #465
  • Characterization tests for the pattern package by @elharo in #470
  • Revise Jaxen 2.0.4 change history details by @elharo in #472
  • Update release notes for version 2.0.4 by @elharo in #474
  • Switch release workflow to PR-based handoff for protected master by @Copilot in #476
  • Update version number to 2.0.4 in index.xml by @elharo in #477
  • Update index.xml before release by @elharo in #478
  • Release 2.0.4: commit release and prepare 2.1.0-SNAPSHOT by @github-actions[bot] in #479
  • Fix release PR body formatting and add publish-before-merge guidance by @Copilot in #481
  • Eliminate stack overflows from deep left-recursive binary XPath chains by @Copilot in #464
  • Eliminate recursion in getText and toString by @elharo in #483
  • Avoid stack overflow in DOM DocumentNavigator#getStringValue for deeply nested documents by @Copilot in #485
  • Make JDOM element string-value traversal iterative to prevent deep-tree stack overflows by @Copilot in #487
  • Prevent stack overflow when DOM attribute iteration skips long xmlns:* runs by @Copilot in #490
  • Catch and wrap StackOverflowError in XPath parse/evaluation entry points by @Copilot in #496
  • Fix unbounded stack recursion in DefaultBinaryExpr.evaluate() across distinct operator types by @Copilot in #494
  • Document changes for Jaxen version 2.0.5 by @elharo in #498
  • Cleanup STAR tokens by @elharo in #499
  • Fix StackOverflowError on deeply nested XPath predicates by @Copilot in #492
  • Update release version to 2.0.4 in releases.xml by @elharo in #497
  • ignore aider by @elharo in #508
  • Handle lang() on empty/null context node with explicit FunctionCallException by @Copilot in #501
  • Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.6.2 to 3.6.3 by @dependabot[bot] in #512
  • Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.1 to 3.5.6 by @dependabot[bot] in #510
  • Bump org.apache.maven.plugins:maven-source-plugin from 3.3.1 to 3.4.0 by @dependabot[bot] in #509
  • Bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.26.0 to 0.26.1 by @dependabot[bot] in #511

New Contributors

  • @github-actions[bot] made their first contribution in #479

Full Changelog: v2.0.3...v2.0.5