From 96b275ece5d27118d13e5c45b3862734fbf6418eed8bf4b30e53218c31d06243 Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Thu, 24 Aug 2023 05:14:44 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/Java:packages/dom4j?expand=0&rev=48 --- dom4j.changes | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 53 insertions(+), 1 deletion(-) diff --git a/dom4j.changes b/dom4j.changes index 1566f65..dc36af5 100644 --- a/dom4j.changes +++ b/dom4j.changes @@ -1,3 +1,55 @@ +------------------------------------------------------------------- +Thu Aug 24 04:59:20 UTC 2023 - Fridrich Strba + +- Upgrade to upstream version 2.1.4 + * Improvements and potentially breaking changes + + Added new factory method + org.dom4j.io.SAXReader.createDefault(). It has more secure + defaults than new SAXReader(), which uses system + XMLReaderFactory.createXMLReader() or + SAXParserFactory.newInstance().newSAXParser(). + + If you use some optional dependency of dom4j (for example + Jaxen, xsdlib etc.), you need to specify an explicit + dependency on it in your project. They are no longer marked as + a mandatory transitive dependency by dom4j. + + Following SAX parser features are disabled by default in + DocumentHelper.parse() for security reasons (they were enabled + in previous versions): + ° http://xml.org/sax/properties/external-general-entities + ° http://xml.org/sax/properties/external-parameter-entities + * Other changes: + + updated pull-parser version + + Reuse the writeAttribute method in writeAttributes + + support build on OS with non-UTF8 as default charset + + Gradle: add an automatic module name + + Use Correct License Name "Plexus" + + Possible vulnerability of DocumentHelper.parseText() to XML + injection + + CVS directories left in the source tree + + XMLWriter does not escape supplementary unicode characters + correctly + + writer.writeOpen(x) doesn't write namespaces + + concurrency problem with QNameCache + + all dependencies are optional + + SAXReader: hardcoded namespace features + + validate QNames + + StringIndexOutOfBoundsException in + XMLWriter.writeElementContent() + + TreeNode has grown some generics + + QName serialization fix + + DocumentException initialize with nested exception + + Accidentally occurring error in a multi-threaded test + + compatibility with W3C DOM Level 3 + + use Java generics +- Removed patches: + * dom4j-1.6.1-bug1618750.patch + * dom4j-CVE-2018-1000632.patch + * dom4j-CVE-2020-10683.patch + * dom4j-enable-stax-datatypes.patch + * dom4j-javadoc.patch + * dom4j-sourcetarget.patch + + not needed with this version + ------------------------------------------------------------------- Mon Jul 24 19:38:26 UTC 2023 - Fridrich Strba @@ -32,7 +84,7 @@ Fri Jan 25 11:10:16 UTC 2019 - Cédric Bosdonnat - Build STAXEventReader, STAXEventWriter and the data types. [bsc#1123158] - * Added patch dom4j-enable-stax-datatypes.patch + * Added patch dom4j-enable-stax-datatypes.patch ------------------------------------------------------------------- Tue Sep 18 10:31:28 UTC 2018 - pmonrealgonzalez@suse.com