[
https://issues.apache.org/jira/browse/ARCHETYPE-568?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16860255#comment-16860255
]
Tibor Digana commented on ARCHETYPE-568:
----------------------------------------
[~tony--]
Sylwester told me that he will cut the release. So I think it will happen these
days.
> Removed dom4j library
> ---------------------
>
> Key: ARCHETYPE-568
> URL: https://issues.apache.org/jira/browse/ARCHETYPE-568
> Project: Maven Archetype
> Issue Type: Improvement
> Reporter: Tibor Digana
> Assignee: Tibor Digana
> Priority: Major
> Fix For: 3.1.1
>
>
> Due to the vulnerable to CVE-2018-1000632 in dom4j:1.6.1 we are removing the
> library and we use Java XML API instead. The vulnerable to CVE-2018-1000632
> is fixed in dom4j:2.2.1 at Java 1.8 which breaks the current bytecode version
> 1.7 in this project. Improved code is very small. Originally the code was
> duplicated twice. We made a refactoring and new code with Java API has no
> duplicates. Particular unit tests were improved using {{xmlunit-matchers}}.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
