flexible XML framework for Java
Full Changelog: https://github.com/dom4j/dom4j/compare/version-2.1.3...version-2.1.4
org.dom4j.io.SAXReader.createDefault(). It has more secure defaults than new SAXReader(), which uses system XMLReaderFactory.createXMLReader() or SAXParserFactory.newInstance().newSAXParser(). SAXReader.createDefault() disables parsing of external entities in the SAX parser.
Branch 2.0.x for Java 1.5 aligned with branch 2.1.x.
org.dom4j.io.SAXReader.createDefault(). It has more secure defaults than new SAXReader(), which uses system XMLReaderFactory.createXMLReader() or SAXParserFactory.newInstance().newSAXParser(). SAXReader.createDefault() disables parsing of external entities in the SAX parser.
Bug fix release.
DocumentHelper.parse()
for security reasons (they were enabled in previous versions):
http://xml.org/sax/properties/external-general-entities
http://xml.org/sax/properties/external-parameter-entities
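
An added example (not dom4j's own code) that uses only the JDK's SAX API to compare the system parser obtained through SAXParserFactory.newInstance().newSAXParser() with the same parser after the two external-entity features are switched off, and reports whether the entity's content reaches the handler. The class name, the marker file and the sample document are constructed for illustration; the feature identifiers used are the standard SAX2 ones, which live under http://xml.org/sax/features/.

```java
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;

public class ExternalEntityCheck {
    // Standard SAX2 feature identifiers for external entity handling.
    static final String GENERAL = "http://xml.org/sax/features/external-general-entities";
    static final String PARAMETER = "http://xml.org/sax/features/external-parameter-entities";

    /** Parses xml and returns the character data the parser delivered to the handler. */
    static String parse(String xml, boolean harden) throws Exception {
        // The system parser, as obtained when no hardening is applied.
        XMLReader reader = SAXParserFactory.newInstance().newSAXParser().getXMLReader();
        if (harden) {
            // Refuse to resolve external general and parameter entities.
            reader.setFeature(GENERAL, false);
            reader.setFeature(PARAMETER, false);
        }
        StringBuilder text = new StringBuilder();
        reader.setContentHandler(new DefaultHandler() {
            @Override
            public void characters(char[] ch, int start, int length) {
                text.append(ch, start, length);
            }
        });
        reader.parse(new InputSource(new StringReader(xml)));
        return text.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a local marker file referenced as an external entity.
        Path marker = Files.createTempFile("marker", ".txt");
        Files.writeString(marker, "MARKER-CONTENT");
        String xml = "<!DOCTYPE doc [<!ENTITY ext SYSTEM \"" + marker.toUri() + "\">]>"
                   + "<doc>&ext;</doc>";
        try {
            // If the marker text appears in the output, the entity was resolved.
            System.out.println("system parser: [" + parse(xml, false) + "]");
            System.out.println("features off:  [" + parse(xml, true) + "]");
        } finally {
            Files.delete(marker);
        }
    }
}
```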
DocumentHelper.parseText() to XML injection (reported by @s0m30ne)
QNameCache (@jbennett2091)
QNames (reported by @mario-areias)
Minimum supported version of Java for this branch upgraded to Java 8. Added support for build with Java 9.
This release contains only bug-fixes:
Released on March 14, 2002.