Release Notes
- Requires JDK 11+
- Patch for potential XXE attack in
OAIPMHParser. This class is unused by DSpace but may be used by others who use xoai. See #104 - Update many dependencies to latest versions via @dependabot
Available via Maven Central:
<dependency>
<groupId>org.dspace</groupId>
<artifactId>xoai</artifactId>
<version>3.4.1</version>
</dependency>
What's Changed
- Bump the build-tools group with 8 updates by @dependabot in #95
- Bump org.apache.logging.log4j:log4j-core from 2.20.0 to 2.24.3 by @dependabot in #97
- Update JAXB dependencies to be compile-only by @tdonohue in #103
- Bump com.google.guava:guava from 32.0.0-jre to 32.1.3-jre by @dependabot in #101
- Bump com.fasterxml.woodstox:woodstox-core from 6.4.0 to 6.7.0 by @dependabot in #100
- Bump the apache-commons group with 4 updates by @dependabot in #96
- Bump net.sf.saxon:Saxon-HE from 9.8.0-14 to 9.9.1-8 by @dependabot in #99
- Bump org.glassfish.jaxb:jaxb-runtime from 2.3.8 to 2.3.9 by @dependabot in #98
- Bump jaxen:jaxen from 1.1.4 to 2.0.0 by @dependabot in #102
- Potential fix for code scanning alert no. 1: Resolving XML external entity in user-controlled data by @tdonohue in #104
Full Changelog: xoai-3.4.0...xoai-3.4.1