Skip to content

xoai-3.4.1

Latest
Latest

Choose a tag to compare

View all tags
@tdonohue tdonohue released this 19 May 17:22
· 20 commits to 3.x since this release
xoai-3.4.1
f83ef14

Release Notes

  • Requires JDK 11+
  • Patch for potential XXE attack in OAIPMHParser. This class is unused by DSpace but may be used by others who use xoai. See #104
  • Update many dependencies to latest versions via @dependabot

Available via Maven Central:

<dependency>
    <groupId>org.dspace</groupId>
    <artifactId>xoai</artifactId>
    <version>3.4.1</version>
</dependency>

What's Changed

  • Bump the build-tools group with 8 updates by @dependabot in #95
  • Bump org.apache.logging.log4j:log4j-core from 2.20.0 to 2.24.3 by @dependabot in #97
  • Update JAXB dependencies to be compile-only by @tdonohue in #103
  • Bump com.google.guava:guava from 32.0.0-jre to 32.1.3-jre by @dependabot in #101
  • Bump com.fasterxml.woodstox:woodstox-core from 6.4.0 to 6.7.0 by @dependabot in #100
  • Bump the apache-commons group with 4 updates by @dependabot in #96
  • Bump net.sf.saxon:Saxon-HE from 9.8.0-14 to 9.9.1-8 by @dependabot in #99
  • Bump org.glassfish.jaxb:jaxb-runtime from 2.3.8 to 2.3.9 by @dependabot in #98
  • Bump jaxen:jaxen from 1.1.4 to 2.0.0 by @dependabot in #102
  • Potential fix for code scanning alert no. 1: Resolving XML external entity in user-controlled data by @tdonohue in #104

Full Changelog: xoai-3.4.0...xoai-3.4.1

Contributors

tdonohue and dependabot
Assets 2
Loading