[Xmlunit-general] XMLUnit for Java and XMLUnit.NET 2.6.0 Released

[Stefan B. <bo...@ap...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

These releases fix a few bugs and introduce smaller new features as
well as a completely new experimental module that aims to provide a
DSL that controls the diff process inside of the control XML document.

Starting with XMLUnit 2.6.0 all XML parsers are configured according
to OWASP recommendations for XML eXternal Entity injection preventions
- - which means you need to override certain settings if you need to
load external entities. This is a change that breaks backwards
compatibility - at least in the Java version. If you've been using
.NET 4.5.2 or above all configurations have been safe by default
anyway.

XXE prevention is not enabled inside of the validation package and
XMLUnit for Java's legacy module.

The full list of changes for XMLUnit for Java:

* add a new experimental project xmlunit-placeholders which aims to
  use ${xmlunit.FOO} expressions inside of the control document to
  allow for a DSL-like approach of defining more complex tests.  This
  initial seed only supports ${xmlunit.ignore} which can be used to
  make XMLUnit ignore the element containing this text.
  PR #105 (https://github.com/xmlunit/xmlunit/pull/105) by
  @zheng-wang.

* added withDocumentBuilderFactory methods to HasXPathMatcher and
  EvaluateXPathMatcher to allow explicit configuration of the
  DocumentBuilderFactory used.
  Issue #108 (https://github.com/xmlunit/xmlunit/issues/108).

* the DocmentBuilderFactory and TransformerFactory instances used by
  XMLUnit are now configured to not load any external DTDs or parse
  external entities. They are now configured according to the OWASP
  recommendations for XML eXternal Entity injection preventions. The
  TransformerFactory used by the org.xmlunit.transform.Transformation
  class is still configured to load external stylesheets, though.

  For the legacy package XXE prevention has to be enabled via
  XMLUnit.enableXXEProtection explicitly.

  This is a breaking change and you may need to provide
  DocmentBuilderFactory or TransformerFactory instances of your own if
  you need to load external entities.

  The SAXParserFactory and SchemaFactory instances used inside of the
  validation package have not been changed as their use is likely to
  require loading of external DTDs or schemas.

  Issue #91 (https://github.com/xmlunit/xmlunit/issues/91).

* the configured NodeFilter is now applied before comparing
  DocumentType nodes.

  This change breaks backwards compatibility as the old behavior was
  to ignore DocumentType when counting the children of the Document
  node but not when actually comparing the DocumentType. Prior to this
  change if one document had a document type declaration but the other
  didn't, a HAS_DOCTYPE_DECLARATION difference was detected, this will
  no longer be the case now. If you want to detect this difference,
  you need to use a more lenient NodeFilter than NodeFilters.Default
  (i.e. NodeFilters.AcceptAll) but then you will see an additional
  CHILD_NODELIST_LENGTH difference.

  The legacy package has been adapted and will behave as before even
  when using NewDifferenceEngine.

  Issue #116 (https://github.com/xmlunit/xmlunit/issues/116).

* added a new Source implementation
  ElementContentWhitespaceStrippedSource which is similar to
  WhitespaceStrippedSource but only affects text nodes that solely
  consist of whitespace and doesn't affect any other text nodes. Also
  added convenience ignoreElementContentWhitespace methods to
  DiffBuilder and CompareMatcher.
  Issue #119 (https://github.com/xmlunit/xmlunit/issues/119).

The full list of changes for XMLUnit.NET:

* add a new experimental module xmlunit-placeholders which aims to use
  ${xmlunit.FOO} expressions inside of the control document to allow
  for a DSL-like approach of defining more complex tests.  This
  initial seed only supports ${xmlunit.ignore} which can be used to
  make XMLUnit ignore the element containing this text.

* fixed the message when CompareConstraint or ValidationConstraints
  (both NUnit 2.x and 3.x) as well as EvaluateXPathConstraint or
  HasXPathConstraint (only the NUnit 3.x versions) pass but the
  assertion fails because the constraint itself was wrapped in a Not
  constraint.

* the NUnit 3.x EvaluateXPathConstraint failed to resolve the nested
  constraint, leading to erroneous messages if the assertion failed.
  Issue #25 (https://github.com/xmlunit/xmlunit.net/issues/25)

* the XmlDocument instances used internally in Convert and
  Transformation now get their XmlResolver property set to null by
  default - which happens to be the default value of .NET 4.5.2 and
  later anyway. This is in accordance with the OWASP recommendations
  for XML eXternal Entity injection preventions.

  This may be a breaking change and you may need to provide an
  explicit XmlResolver instance of your own if you need to load
  external entities.

  Issue #27 (https://github.com/xmlunit/xmlunit.net/issues/27).

* added a new ISource implementation
  ElementContentWhitespaceStrippedSource which is similar to
  WhitespaceStrippedSource but only affects text nodes that solely
  consist of whitespace and doesn't affect any other text nodes. Also
  added convenience IgnoreElementContentWhitespace methods to
  DiffBuilder and CompareConstraint.
  Issue similar to xmlunit/#119 (https://github.com/xmlunit/xmlunit/issues/119).

* the configured NodeFilter is now applied before comparing
  XmlDocumentType nodes.

  This change breaks backwards compatibility as the old behavior was
  to ignore XmlDocumentType when counting the children of the
  XmlDocument node but not when actually comparing the
  XmlDocumentType. Prior to this change if one document had a document
  type declaration but the other didn't, a HAS_DOCTYPE_DECLARATION
  difference was detected, this will no longer be the case now. If you
  want to detect this difference, you need to use a more lenient
  NodeFilter than NodeFilters.Default (i.e. NodeFilters.AcceptAll) but
  then you will see an additional CHILD_NODELIST_LENGTH difference.

  Issue #26 (https://github.com/xmlunit/xmlunit.net/issues/26).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlrcckIACgkQohFa4V9ri3K3xgCggkmHmHodyUqNPCUdel8RHTK3
YNMAoNlX2vTunu9Q5+vh7RByjal2CJ5x
=M97l
-----END PGP SIGNATURE-----