This release may require you to adjust you configuration when comparing files that use DTDs. When XMLUnit 2.6.0 has been release it was intended to disallow DTD parsing by default, but due to a bug still allowed it. This has now been fixed.
Full list of changes:
bumped xmlunit-assertj3's dependency on assert to 3.27.7.
XMLUnit itself does not use the affected code in AssertJ so the upgrade is not strictly necessary - and this is why
the xmlunit-assertj module is not updated. In fact the assertions provided by xmlunit-assertj3 are the recommended
upgrade path for users of AssertJ 3.x+.
actually made withDTDParsingDisabled do what it says.
This is a bugfix and in a way it is backwards incompatible as it changes default behavior in a way that I intended to
do with XMLUnit 2.6.0 eight years ago. DocumentBuilderFactoryConfigurer.DefaultWithDTDParsing provides the
behavior of XMLUnit 2.6.0 to 2.11.0.
This release may require you to adjust you configuration when comparing files that use DTDs. When XMLUnit 2.6.0 has been release it was intended to disallow DTD parsing by default, but due to a bug still allowed it. This has now been fixed.
Full list of changes:
This is to make people aware of
https://github.com/assertj/assertj/security/advisories/GHSA-rqfh-9r24-8c9r
XMLUnit itself does not use the affected code in AssertJ so the upgrade is not strictly necessary - and this is why
the xmlunit-assertj module is not updated. In fact the assertions provided by xmlunit-assertj3 are the recommended
upgrade path for users of AssertJ 3.x+.
PRs #320 and
#321
withDTDParsingDisableddo what it says.This is a bugfix and in a way it is backwards incompatible as it changes default behavior in a way that I intended to
do with XMLUnit 2.6.0 eight years ago.
DocumentBuilderFactoryConfigurer.DefaultWithDTDParsingprovides thebehavior of XMLUnit 2.6.0 to 2.11.0.
PRs #326 by @jmestwa-coder
and #328