dom4j

dom4j is an open source framework for processing XML which is integrated with XPath and fully supports DOM, SAX, JAXP and the Java platform such as Java 2 Collections.

News

Version 2.1.4 released

See https://github.com/dom4j/dom4j/releases/tag/version-2.1.4

Version 2.0.3 and 2.1.3 released

(Version 2.1.2 has been skipped.)

Improvements

• Added new factory method org.dom4j.io.SAXReader.createDefault(). It hase more secure defaults than new SAXReader(), which uses system XMLReaderFactory.createXMLReader() or SAXParserFactory.newInstance().newSAXParser(). SAXReader.createDefault() disable parsing of external entities in the SAX parser.

Version 2.1.1 released

Bug fix release.

Potential breaking changes

• If you use some optional dependency of dom4j (for example Jaxen, xsdlib etc.), you need to specify an explicit dependency on it in your project. They are no longer marked as a mandatory transitive dependency by dom4j.

Fixed issues

• #28 Possible vulnerability of DocumentHelper.parseText() to XML injection (reported by @s0m30ne)
• #34 CVS directories left in the source tree (reported by @ebourg)
• #38 XMLWriter does not escape supplementary unicode characters correctly (reported by @abenkovskii)
• #39 writer.writeOpen(x) doesn't write namespaces (reported by @borissmidt)
• #40 concurrency problem with QNameCache (@jbennett2091)
• #43 and #46 all dependencies are optional (reported by @Zardoz89 and @vmassol)
• #44 SAXReader: hardcoded namespace features (reported by @philippeu)
• #48 validate QNames (reported by @mario-areias)