Releases: robtimus/obfuscation-xml
1.4
1.3
Added support for obfuscating attributes of specific elements differently through methods forElement of XMLObfuscator.AttributeConfigurer. To only obfuscate attributes of specific elements, and not for any occurrence of attributes, provide Obfuscator.none() to the withAttribute method.
Added support to force obfuscation to generate new obfuscated XML documents through method generateXML of XMLObfuscator.Builder.
When obfuscation generates new obfuscated XML elements, the XML declaration attributes are now enclosed in double quotes instead of single quotes.
1.2
Added support for obfuscating attributes through methods withAttribute of XMLObfuscator.Builder. Note that this will change the method of obfuscation from replacing content in-place to generating new obfuscated XML documents.
When obfuscating from a Reader, the contents were completely buffered in previous versions. This could lead to memory starvation when obfuscating large XML documents. From this version on, an XML obfuscator tries to truncate the internal buffer as soon as a maximum size is hit. This maximum defaults to 512KB, but can be changed using system property com.github.robtimus.obfuscation.xml.preferredMaxBufferSize. Note that the buffer can grow to be larger than this maximum if it's needed to let the obfuscation be successful. This will usually only occur if element text exceeds this maximum.
Even though all available security properties were configured, the XML parser still processed external DTDs and entities. This has now been disabled. Only inline DTDs and entities are now supported.
1.1.1
Updated to the latest Woodstox version which fixes CVE-2022-40152, CVE-2022-40153, CVE-2022-40154, CVE-2022-40155 and CVE-2022-40156 (according to GitHub's dependabot).
.