This commit is contained in:
parent
bd17263ce9
commit
96b275ece5
@ -1,3 +1,55 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Aug 24 04:59:20 UTC 2023 - Fridrich Strba <fstrba@suse.com>
|
||||
|
||||
- Upgrade to upstream version 2.1.4
|
||||
* Improvements and potentially breaking changes
|
||||
+ Added new factory method
|
||||
org.dom4j.io.SAXReader.createDefault(). It has more secure
|
||||
defaults than new SAXReader(), which uses system
|
||||
XMLReaderFactory.createXMLReader() or
|
||||
SAXParserFactory.newInstance().newSAXParser().
|
||||
+ If you use some optional dependency of dom4j (for example
|
||||
Jaxen, xsdlib etc.), you need to specify an explicit
|
||||
dependency on it in your project. They are no longer marked as
|
||||
a mandatory transitive dependency by dom4j.
|
||||
+ Following SAX parser features are disabled by default in
|
||||
DocumentHelper.parse() for security reasons (they were enabled
|
||||
in previous versions):
|
||||
° http://xml.org/sax/properties/external-general-entities
|
||||
° http://xml.org/sax/properties/external-parameter-entities
|
||||
* Other changes:
|
||||
+ updated pull-parser version
|
||||
+ Reuse the writeAttribute method in writeAttributes
|
||||
+ support build on OS with non-UTF8 as default charset
|
||||
+ Gradle: add an automatic module name
|
||||
+ Use Correct License Name "Plexus"
|
||||
+ Possible vulnerability of DocumentHelper.parseText() to XML
|
||||
injection
|
||||
+ CVS directories left in the source tree
|
||||
+ XMLWriter does not escape supplementary unicode characters
|
||||
correctly
|
||||
+ writer.writeOpen(x) doesn't write namespaces
|
||||
+ concurrency problem with QNameCache
|
||||
+ all dependencies are optional
|
||||
+ SAXReader: hardcoded namespace features
|
||||
+ validate QNames
|
||||
+ StringIndexOutOfBoundsException in
|
||||
XMLWriter.writeElementContent()
|
||||
+ TreeNode has grown some generics
|
||||
+ QName serialization fix
|
||||
+ DocumentException initialize with nested exception
|
||||
+ Accidentally occurring error in a multi-threaded test
|
||||
+ compatibility with W3C DOM Level 3
|
||||
+ use Java generics
|
||||
- Removed patches:
|
||||
* dom4j-1.6.1-bug1618750.patch
|
||||
* dom4j-CVE-2018-1000632.patch
|
||||
* dom4j-CVE-2020-10683.patch
|
||||
* dom4j-enable-stax-datatypes.patch
|
||||
* dom4j-javadoc.patch
|
||||
* dom4j-sourcetarget.patch
|
||||
+ not needed with this version
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jul 24 19:38:26 UTC 2023 - Fridrich Strba <fstrba@suse.com>
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user