Tibor Digana created ARCHETYPE-568:
--------------------------------------

             Summary: Removed dom4j library
                 Key: ARCHETYPE-568
                 URL: https://issues.apache.org/jira/browse/ARCHETYPE-568
             Project: Maven Archetype
          Issue Type: Improvement
            Reporter: Tibor Digana
            Assignee: Tibor Digana
             Fix For: 3.1.1


Due to the vulnerable to CVE-2018-1000632 in dom4j:1.6.1 we are removing the 
library and we use Java XML API instead. The vulnerable to CVE-2018-1000632 is 
fixed in dom4j:2.2.1 at Java 1.8 which breks the current bytecode version 1.7 
in this project. Improved code is very small. Originally the code was 
duplicated twice. We made a refactoring and new code with Java API has no 
duplicates. Particular unit tests were improved using {{xmlunit-matchers}}.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to