What's Changed

Dom4j version 2.2.0 requires Java 11 or higher. The reason is the migration from JavaEE to JakartaEE, which requires Java 11.
Dom4j 2.1.x remains compatible with Java 8.

• Migrate from JavaEE to JakartaEE by @dskilesdf in #186
• Improves multiple threads parsing efficiency by @qingzhongli in #57
• Fixed #120 by adding AutoClosable by @reinhapa in #160
• Implementation and tests for ordering of element attributes by @PAX523 in #69
• Use Gradle features/capabilities to model optional dependencies by @halfninja in #116
• Don't skip empty comments by @FilipJirsak in #80

New Contributors

• @qingzhongli made their first contribution in #57
• @PAX523 made their first contribution in #69
• @halfninja made their first contribution in #116
• @dskilesdf made their first contribution in #186

Full Changelog: version/2.1.5...version/2.2.0

What's Changed

• Bump gradle from 6.3 to 8.13 (fixes #187) by @reinhapa in #188
• Remove unnecessary constant conditional by @ecki in #174
• Remove misleading no-op lines incorrectly trying to disable external entities by @chadlwilson in #173

New Contributors

• @ecki made their first contribution in #174
• @chadlwilson made their first contribution in #173

Full Changelog: version-2.1.4...version-2.1.5

What's Changed

• updated pull-parser version by @jayknoxqu in #129
• Reuse the writeAttribute method in writeAttributes. by @Ekryd in #134
• support build on OS with non-UTF8 as default charset by @qxo in #96
• Gradle: add an automatic module name (fixes #67) by @carlosame in #84
• Use Correct License Name "Plexus" by @tisoft in #98

New Contributors

• @jayknoxqu made their first contribution in #129
• @Ekryd made their first contribution in #134
• @qxo made their first contribution in #96
• @carlosame made their first contribution in #84
• @tisoft made their first contribution in #98

Full Changelog: version-2.1.3...version-2.1.4

Improvements

• Added new factory method org.dom4j.io.SAXReader.createDefault(). It hase more secure defaults than new SAXReader(), which uses system
  XMLReaderFactory.createXMLReader() or SAXParserFactory.newInstance().newSAXParser(). SAXReader.createDefault() disable parsing of external entities
  in the SAX parser.

Branch 2.0.x for Java 1.5 aligned with branch 2.1.x.

Improvements

• Added new factory method org.dom4j.io.SAXReader.createDefault(). It hase more secure defaults than new SAXReader(), which uses system XMLReaderFactory.createXMLReader() or SAXParserFactory.newInstance().newSAXParser(). SAXReader.createDefault() disable parsing of external entities in the SAX parser.

Bug fix release.

Potential breaking changes

• If you use some optional dependency of dom4j (for example Jaxen, xsdlib etc.), you need to specify an explicit dependency on it in your project. They are no longer marked as a mandatory transitive dependency by dom4j.
• Following SAX parser features are disabled by default in DocumentHelper.parse() for security reasons (they were enabled in previous versions):
  • http://xml.org/sax/properties/external-general-entities
  • http://xml.org/sax/properties/external-parameter-entities

Fixed issues

• #28 Possible vulnerability of DocumentHelper.parseText() to XML injection (reported by @s0m30ne)
• #34 CVS directories left in the source tree (reported by @ebourg)
• #38 XMLWriter does not escape supplementary unicode characters correctly (reported by @abenkovskii)
• #39 writer.writeOpen(x) doesn't write namespaces (reported by @borissmidt)
• #40 concurrency problem with QNameCache (@jbennett2091)
• #43 and #46 all dependencies are optional (reported by @Zardoz89 and @vmassol)
• #44 SAXReader: hardcoded namespace features (reported by @philippeu)
• #48 validate QNames (reported by @mario-areias)

Minimum supported version of Java for this branch upgraded to Java 8. Added support for build with Java 9.

This release contain only bug-fixes:

• StringIndexOutOfBoundsException in XMLWriter.writeElementContent() (#26)
• TreeNode has grown some generics

This release contain only bug-fixes:

• QName serialization fix (#17)
• DocumentException initialize with nested exception (#20)
• Accidentally occurring error in a multi-threaded test (#14)

• compatibility with W3C DOM Level 3 → compatible with Java 5+
• use Java generics