Uploaded image for project: 'Maven Archetype'
  1. Maven Archetype
  2. ARCHETYPE-568

Remove dom4j library

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 3.1.0
    • 3.1.1
    • None
    • None

    Description

      Due to the vulnerable to CVE-2018-1000632 in dom4j:1.6.1, we are removing the library and we use Java XML API instead.

      The vulnerable to CVE-2018-1000632 is fixed in dom4j:2.1.1 at Java 1.8 which breaks the current bytecode version 1.7 in this project.

      Improved code is very small. Originally the code was duplicated twice. We made a refactoring and new code with Java API has no duplicates. Particular unit tests were improved using xmlunit-matchers.

      Attachments

        Issue Links

          breaks

          Bug - A problem which impairs or prevents the functions of the product. ARCHETYPE-584 Resulting root pom.xml from archetype generation has additional newlines with JDK11

          • Major - Major loss of function.
          • Closed
          causes

          Bug - A problem which impairs or prevents the functions of the product. ARCHETYPE-587 Multi-modules Archetypes' Root POM file contains empty lines in Java 11

          • Major - Major loss of function.
          • Closed
          links to

          Web Link GH pull request

          Activity

            People

              tibordigana Tibor Digana
              tibordigana Tibor Digana
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: