flexible XML framework for Java
dom4j is an open source framework for processing XML which is integrated with XPath and fully supports DOM, SAX, JAXP and the Java platform such as Java 2 Collections.
See https://github.com/dom4j/dom4j/releases/tag/version-2.1.4
(Version 2.1.2 has been skipped.)
org.dom4j.io.SAXReader.createDefault(). It has more secure defaults than new SAXReader(), which uses the system XMLReaderFactory.createXMLReader() or SAXParserFactory.newInstance().newSAXParser(). SAXReader.createDefault() disables parsing of external entities in the SAX parser.
Bug fix release.
DocumentHelper.parseText() to XML injection (reported by @s0m30ne)
QNameCache (@jbennett2091)
QNames (reported by @mario-areias)
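
A regression check for the SAXReader.createDefault() note above, as an added example that is not code from the dom4j project: it parses one constructed document with both readers and reports whether an external entity was expanded. The class name, marker string and temp file are assumptions made for the example, and it assumes a dom4j release that provides SAXReader.createDefault() on the classpath.

```java
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

import org.dom4j.Document;
import org.dom4j.DocumentException;
import org.dom4j.io.SAXReader;

public class SaxReaderDefaultsCheck {
    // Constructed marker; it is written to a temp file that the test document
    // references through an external general entity.
    static final String MARKER = "CONSTRUCTED-MARKER-1234";

    // Parses xml with the given reader and reports whether the external
    // entity's content ended up in the root element's text.
    static String probe(String label, SAXReader reader, String xml) {
        try {
            Document doc = reader.read(new StringReader(xml));
            boolean expanded = doc.getRootElement().getText().contains(MARKER);
            return label + ": external entity " + (expanded ? "EXPANDED" : "not expanded");
        } catch (DocumentException e) {
            // Some parser configurations reject the document outright.
            return label + ": parse rejected (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) throws Exception {
        Path marker = Files.createTempFile("dom4j-check", ".txt");
        try {
            Files.write(marker, MARKER.getBytes(StandardCharsets.UTF_8));
            String xml = "<?xml version=\"1.0\"?>\n"
                    + "<!DOCTYPE root [<!ENTITY ext SYSTEM \"" + marker.toUri() + "\">]>\n"
                    + "<root>&ext;</root>";

            // Outcome here depends on the defaults of the system JAXP parser.
            System.out.println(probe("new SAXReader()", new SAXReader(), xml));
            // createDefault() asks the parser to turn external entities off.
            System.out.println(probe("SAXReader.createDefault()", SAXReader.createDefault(), xml));
        } finally {
            Files.deleteIfExists(marker);
        }
    }
}
```

Running this in a build's test stage against the XML parser actually deployed shows whether code paths that still call new SAXReader() need to be migrated or configured by hand.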