SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for dom4j-2.1.4-96.134.noarch.rpm :

* Wed Feb 21 2024 gus.kenionAATTsuse.com- Use %patch -P N instead of deprecated %patchN.
* Thu Feb 15 2024 fstrbaAATTsuse.com- The license is actually Plexus
* Thu Nov 02 2023 shvetz.antonAATTgmail.com- JPMS: Add the Automatic-Module-Name attribute to the manifest.
* Thu Aug 24 2023 fstrbaAATTsuse.com- Make a separate flavour for a minimal dom4j-bootstrap package used to build jaxen and full dom4j- Added patch:
* 0001-no-jaxen-dom4.patch
* for the bootstrap package, patch out the code that requires jaxen with dom4j support to build
* Thu Aug 24 2023 fstrbaAATTsuse.com- Upgrade to upstream version 2.1.4
* Improvements and potentially breaking changes + Added new factory method org.dom4j.io.SAXReader.createDefault(). It has more secure defaults than new SAXReader(), which uses system XMLReaderFactory.createXMLReader() or SAXParserFactory.newInstance().newSAXParser(). + If you use some optional dependency of dom4j (for example Jaxen, xsdlib etc.), you need to specify an explicit dependency on it in your project. They are no longer marked as a mandatory transitive dependency by dom4j. + Following SAX parser features are disabled by default in DocumentHelper.parse() for security reasons (they were enabled in previous versions): ° http://xml.org/sax/properties/external-general-entities ° http://xml.org/sax/properties/external-parameter-entities
* Other changes: + updated pull-parser version + Reuse the writeAttribute method in writeAttributes + support build on OS with non-UTF8 as default charset + Gradle: add an automatic module name + Use Correct License Name \"Plexus\" + Possible vulnerability of DocumentHelper.parseText() to XML injection + CVS directories left in the source tree + XMLWriter does not escape supplementary unicode characters correctly + writer.writeOpen(x) doesn\'t write namespaces + concurrency problem with QNameCache + all dependencies are optional + SAXReader: hardcoded namespace features + validate QNames + StringIndexOutOfBoundsException in XMLWriter.writeElementContent() + TreeNode has grown some generics + QName serialization fix + DocumentException initialize with nested exception + Accidentally occurring error in a multi-threaded test + compatibility with W3C DOM Level 3 + use Java generics- Removed patches:
* dom4j-1.6.1-bug1618750.patch
* dom4j-CVE-2018-1000632.patch
* dom4j-CVE-2020-10683.patch
* dom4j-enable-stax-datatypes.patch
* dom4j-javadoc.patch
* dom4j-sourcetarget.patch + not needed with this version
* Mon Jul 24 2023 fstrbaAATTsuse.com- Do not depend on jtidy, since it is not used during build
* Wed Mar 30 2022 fstrbaAATTsuse.com- Build against the standalone JavaEE modules unconditionally
* Mon Mar 28 2022 fstrbaAATTsuse.com- Add alias to the new artifact coordinates org.dom4j:dom4j- Simplify the spec file a bit
* Thu Mar 17 2022 fstrbaAATTsuse.com- Add jaxb-api dependency for relevant distribution versions so that we can build with JDKs that do not include the JavaEE modules
* Fri Apr 17 2020 pmonrealgonzalezAATTsuse.com- Security fix: [bsc#1169760, CVE-2020-10683]
* External Entity vulnerability in default SAX parser
* Add dom4j-CVE-2020-10683.patch
* Fri Jan 25 2019 cbosdonnatAATTsuse.com- Build STAXEventReader, STAXEventWriter and the data types. [bsc#1123158]
* Added patch dom4j-enable-stax-datatypes.patch
* Tue Sep 18 2018 pmonrealgonzalezAATTsuse.com- Security fix: [bsc#1105443, CVE-2018-1000632]
* Version prior to version 2.1.1 contains a CWE-91: XML Injectionvulnerability in Class: Element. Methods: addElement, addAttribute that canresult in an attacker tampering with XML documents through.
* Added dom4j-CVE-2018-1000632.patch
* Tue Jul 10 2018 fstrbaAATTsuse.com- Added patch:
* dom4j-javadoc.patch + Don\'t load urls while building javadoc in environment without connectivity
* Wed May 16 2018 fstrbaAATTsuse.com- Modified patch:
* dom4j-sourcetarget.patch + Build with source and target 8 to prepare for a possible removal of 1.6 compatibility
* Fri Sep 08 2017 fstrbaAATTsuse.com- Added patch:
* dom4j-sourcetarget.patch + Use java source and target level 1.6 in order to allow building with jdk9
* Fri May 19 2017 mpluskalAATTsuse.com- Update dependencies
* Wed Mar 18 2015 tchvatalAATTsuse.com- Fix build with new javapackages-tools
* Tue Jul 08 2014 tchvatalAATTsuse.com- Do not depend on ant-trax and run spec-cleaner.
* Mon Sep 09 2013 tchvatalAATTsuse.com- Move from jpackage-utils to javapackage-tools
* Wed Aug 28 2013 mvyskocilAATTsuse.com- use add_maven_depmap from javapackages-tools- drop repolib part (never built)- drop pointless jarjar- unversioned javadoc
* Fri Mar 23 2012 cfarrellAATTsuse.com- license update: Apache-1.1 SPDX
* Sun Sep 18 2011 jengelhAATTmedozas.de- Remove redundant tags/sections from specfile (cf. packaging guidelines)
* Wed May 20 2009 mvyskocilAATTsuse.cz- \'fixed bnc#501764: removed clover.license from source tarball\'
* Mon May 18 2009 mvyskocilAATTsuse.cz- Removed documentation of ConcurrentReaderHashMap (bnc#504663)
* dom4j-1.6.1/docs/clover/org/dom4j/tree/ConcurrentReaderHashMap.html
* dom4j-1.6.1/docs/xref/org/dom4j/tree/ConcurrentReaderHashMap.html
* Thu May 14 2009 mvyskocilAATTsuse.cz- Initial SUSE packaging:
* spec script and jarjar build support was taken from jpackage.org 5.0
* Source of dom4j and build.xml comes from Debian unstable, as there don\'t need proprietary msv from sun (bnc#430592)
  
ICM