dom4j
dom4j copied to clipboard
flexible XML framework for Java
dom4j
dom4j
is an open source framework for processing XML which is integrated with XPath and fully supports DOM, SAX, JAXP and the Java platform such as Java 2 Collections.
News
Version 2.0.3 and 2.1.3 released
(Version 2.1.2 has been skipped.)
Improvements
- Added new factory method
org.dom4j.io.SAXReader.createDefault()
. It hase more secure defaults thannew SAXReader()
, which uses systemXMLReaderFactory.createXMLReader()
orSAXParserFactory.newInstance().newSAXParser()
.SAXReader.createDefault()
disable parsing of external entities in the SAX parser.
Version 2.1.1 released
Bug fix release.
Potential breaking changes
- If you use some optional dependency of dom4j (for example Jaxen, xsdlib etc.), you need to specify an explicit dependency on it in your project. They are no longer marked as a mandatory transitive dependency by dom4j.
Fixed issues
- #28 Possible vulnerability of
DocumentHelper.parseText()
to XML injection (reported by @s0m30ne) - #34 CVS directories left in the source tree (reported by @ebourg)
- #38 XMLWriter does not escape supplementary unicode characters correctly (reported by @abenkovskii)
- #39 writer.writeOpen(x) doesn't write namespaces (reported by @borissmidt)
- #40 concurrency problem with
QNameCache
(@jbennett2091) - #43 and #46 all dependencies are optional (reported by @Zardoz89 and @vmassol)
- #44 SAXReader: hardcoded namespace features (reported by @philippeu)
- #48 validate
QName
s (reported by @mario-areias)