[ https://issues.apache.org/jira/browse/ARCHETYPE-568?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16860255#comment-16860255 ]
Tibor Digana commented on ARCHETYPE-568: ---------------------------------------- [~tony--] Sylwester told me that he will cut the release. So I think it will happen these days. > Removed dom4j library > --------------------- > > Key: ARCHETYPE-568 > URL: https://issues.apache.org/jira/browse/ARCHETYPE-568 > Project: Maven Archetype > Issue Type: Improvement > Reporter: Tibor Digana > Assignee: Tibor Digana > Priority: Major > Fix For: 3.1.1 > > > Due to the vulnerable to CVE-2018-1000632 in dom4j:1.6.1 we are removing the > library and we use Java XML API instead. The vulnerable to CVE-2018-1000632 > is fixed in dom4j:2.2.1 at Java 1.8 which breaks the current bytecode version > 1.7 in this project. Improved code is very small. Originally the code was > duplicated twice. We made a refactoring and new code with Java API has no > duplicates. Particular unit tests were improved using {{xmlunit-matchers}}. -- This message was sent by Atlassian JIRA (v7.6.3#76005)