Tibor Digana created ARCHETYPE-568:
--------------------------------------
Summary: Removed dom4j library
Key: ARCHETYPE-568
URL: https://issues.apache.org/jira/browse/ARCHETYPE-568
Project: Maven Archetype
Issue Type: Improvement
Reporter: Tibor Digana
Assignee: Tibor Digana
Fix For: 3.1.1
Due to the vulnerable to CVE-2018-1000632 in dom4j:1.6.1 we are removing the
library and we use Java XML API instead. The vulnerable to CVE-2018-1000632 is
fixed in dom4j:2.2.1 at Java 1.8 which breks the current bytecode version 1.7
in this project. Improved code is very small. Originally the code was
duplicated twice. We made a refactoring and new code with Java API has no
duplicates. Particular unit tests were improved using {{xmlunit-matchers}}.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)