OBS-URL: https://build.opensuse.org/package/show/Java:packages/dom4j?expand=0&rev=48

2023-08-24 05:14:44 +00:00 · 2023-08-24 05:14:44 +00:00 · 96b275ece5
commit 96b275ece5
parent bd17263ce9
1 changed files with 53 additions and 1 deletions
--- a/dom4j.changes
+++ b/dom4j.changes
@ -1,3 +1,55 @@
+-------------------------------------------------------------------
+Thu Aug 24 04:59:20 UTC 2023 - Fridrich Strba <fstrba@suse.com>
+
+- Upgrade to upstream version 2.1.4
+  * Improvements and potentially breaking changes
+    + Added new factory method
+      org.dom4j.io.SAXReader.createDefault(). It has more secure
+      defaults than new SAXReader(), which uses system
+      XMLReaderFactory.createXMLReader() or
+      SAXParserFactory.newInstance().newSAXParser().
+    + If you use some optional dependency of dom4j (for example
+      Jaxen, xsdlib etc.), you need to specify an explicit
+      dependency on it in your project. They are no longer marked as
+      a mandatory transitive dependency by dom4j.
+    + Following SAX parser features are disabled by default in
+      DocumentHelper.parse() for security reasons (they were enabled
+      in previous versions):
+      ° http://xml.org/sax/properties/external-general-entities
+      ° http://xml.org/sax/properties/external-parameter-entities
+  * Other changes:
+    + updated pull-parser version
+    + Reuse the writeAttribute method in writeAttributes
+    + support build on OS with non-UTF8 as default charset
+    + Gradle: add an automatic module name
+    + Use Correct License Name "Plexus"
+    + Possible vulnerability of DocumentHelper.parseText() to XML
+     injection
+    + CVS directories left in the source tree
+    + XMLWriter does not escape supplementary unicode characters
+      correctly
+    + writer.writeOpen(x) doesn't write namespaces
+    + concurrency problem with QNameCache
+    + all dependencies are optional
+    + SAXReader: hardcoded namespace features
+    + validate QNames
+    + StringIndexOutOfBoundsException in
+      XMLWriter.writeElementContent()
+    + TreeNode has grown some generics
+    + QName serialization fix
+    + DocumentException initialize with nested exception
+    + Accidentally occurring error in a multi-threaded test
+    + compatibility with W3C DOM Level 3
+    + use Java generics
+- Removed patches:
+  * dom4j-1.6.1-bug1618750.patch
+  * dom4j-CVE-2018-1000632.patch
+  * dom4j-CVE-2020-10683.patch
+  * dom4j-enable-stax-datatypes.patch
+  * dom4j-javadoc.patch
+  * dom4j-sourcetarget.patch
+    + not needed with this version
+
 -------------------------------------------------------------------
 Mon Jul 24 19:38:26 UTC 2023 - Fridrich Strba <fstrba@suse.com>

@ -32,7 +84,7 @@ Fri Jan 25 11:10:16 UTC 2019 - Cédric Bosdonnat <cbosdonnat@suse.com>

 - Build STAXEventReader, STAXEventWriter and the data types.
  [bsc#1123158]
-  * Added patch dom4j-enable-stax-datatypes.patch 
+  * Added patch dom4j-enable-stax-datatypes.patch

 -------------------------------------------------------------------
 Tue Sep 18 10:31:28 UTC 2018 - pmonrealgonzalez@suse.com