This commit is contained in:
parent
bd17263ce9
commit
96b275ece5
@ -1,3 +1,55 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Aug 24 04:59:20 UTC 2023 - Fridrich Strba <fstrba@suse.com>
|
||||||
|
|
||||||
|
- Upgrade to upstream version 2.1.4
|
||||||
|
* Improvements and potentially breaking changes
|
||||||
|
+ Added new factory method
|
||||||
|
org.dom4j.io.SAXReader.createDefault(). It has more secure
|
||||||
|
defaults than new SAXReader(), which uses system
|
||||||
|
XMLReaderFactory.createXMLReader() or
|
||||||
|
SAXParserFactory.newInstance().newSAXParser().
|
||||||
|
+ If you use some optional dependency of dom4j (for example
|
||||||
|
Jaxen, xsdlib etc.), you need to specify an explicit
|
||||||
|
dependency on it in your project. They are no longer marked as
|
||||||
|
a mandatory transitive dependency by dom4j.
|
||||||
|
+ Following SAX parser features are disabled by default in
|
||||||
|
DocumentHelper.parse() for security reasons (they were enabled
|
||||||
|
in previous versions):
|
||||||
|
° http://xml.org/sax/properties/external-general-entities
|
||||||
|
° http://xml.org/sax/properties/external-parameter-entities
|
||||||
|
* Other changes:
|
||||||
|
+ updated pull-parser version
|
||||||
|
+ Reuse the writeAttribute method in writeAttributes
|
||||||
|
+ support build on OS with non-UTF8 as default charset
|
||||||
|
+ Gradle: add an automatic module name
|
||||||
|
+ Use Correct License Name "Plexus"
|
||||||
|
+ Possible vulnerability of DocumentHelper.parseText() to XML
|
||||||
|
injection
|
||||||
|
+ CVS directories left in the source tree
|
||||||
|
+ XMLWriter does not escape supplementary unicode characters
|
||||||
|
correctly
|
||||||
|
+ writer.writeOpen(x) doesn't write namespaces
|
||||||
|
+ concurrency problem with QNameCache
|
||||||
|
+ all dependencies are optional
|
||||||
|
+ SAXReader: hardcoded namespace features
|
||||||
|
+ validate QNames
|
||||||
|
+ StringIndexOutOfBoundsException in
|
||||||
|
XMLWriter.writeElementContent()
|
||||||
|
+ TreeNode has grown some generics
|
||||||
|
+ QName serialization fix
|
||||||
|
+ DocumentException initialize with nested exception
|
||||||
|
+ Accidentally occurring error in a multi-threaded test
|
||||||
|
+ compatibility with W3C DOM Level 3
|
||||||
|
+ use Java generics
|
||||||
|
- Removed patches:
|
||||||
|
* dom4j-1.6.1-bug1618750.patch
|
||||||
|
* dom4j-CVE-2018-1000632.patch
|
||||||
|
* dom4j-CVE-2020-10683.patch
|
||||||
|
* dom4j-enable-stax-datatypes.patch
|
||||||
|
* dom4j-javadoc.patch
|
||||||
|
* dom4j-sourcetarget.patch
|
||||||
|
+ not needed with this version
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jul 24 19:38:26 UTC 2023 - Fridrich Strba <fstrba@suse.com>
|
Mon Jul 24 19:38:26 UTC 2023 - Fridrich Strba <fstrba@suse.com>
|
||||||
|
|
||||||
@ -32,7 +84,7 @@ Fri Jan 25 11:10:16 UTC 2019 - Cédric Bosdonnat <cbosdonnat@suse.com>
|
|||||||
|
|
||||||
- Build STAXEventReader, STAXEventWriter and the data types.
|
- Build STAXEventReader, STAXEventWriter and the data types.
|
||||||
[bsc#1123158]
|
[bsc#1123158]
|
||||||
* Added patch dom4j-enable-stax-datatypes.patch
|
* Added patch dom4j-enable-stax-datatypes.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Sep 18 10:31:28 UTC 2018 - pmonrealgonzalez@suse.com
|
Tue Sep 18 10:31:28 UTC 2018 - pmonrealgonzalez@suse.com
|
||||||
|
Loading…
Reference in New Issue
Block a user