Versions 2.0.3 and 2.1.2 released.

dom4j · Apr 11, 2020 · e387710 · e387710 · benalexau · Apr 12, 2020
1 parent 6ad8fb9
commit e387710
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -9,6 +9,13 @@
 
 # News
 
+## Version 2.0.3 and 2.1.2 released
+
+### Improvements
+* Added new factory method `org.dom4j.io.SAXReader.createDefault()`. It hase more secure defaults than `new SAXReader()`, which uses system
+ `XMLReaderFactory.createXMLReader()` or `SAXParserFactory.newInstance().newSAXParser()`. `SAXReader.createDefault()` disable parsing of external entities
+  in the SAX parser.
+
 ## Version 2.1.1 released
 Bug fix release.
 
@@ -24,5 +31,3 @@ Bug fix release.
 * #43 and #46 all dependencies are optional (reported by @Zardoz89 and @vmassol)
 * #44 SAXReader: hardcoded namespace features (reported by @philippeu)
 * #48 validate `QName`s (reported by @mario-areias)
-
-Version 2.0.3 (for Java 5–7) is on the way.