XMLUnit v2.6.0 Release Notes
Release Date: 2018-04-22
This release fixes a few bugs and introduces a new experimental feature. In particular XMLUnit will now configure all XML parsing code in a way that prevents XML eXternal Entity injections (XXE) by default - the only exceptions are the validation package and the legacy module.
The full list of changes is:
- add a new experimental project xmlunit-placeholders which aims to use ${xmlunit.FOO} expressions inside of the control document to allow for a DSL-like approach of defining more complex tests. This initial seed only supports ${xmlunit.ignore} which can be used to make XMLUnit ignore the element containing this text. PR #105 by @zheng-wang.

- added withDocumentBuilderFactory methods to HasXPathMatcher and EvaluateXPathMatcher to allow explicit configuration of the DocumentBuilderFactory used. Issue #108.

- the DocumentBuilderFactory and TransformerFactory instances used by XMLUnit are now configured to not load any external DTDs or parse external entities. They are now configured according to the OWASP recommendations for XML eXternal Entity injection prevention. The TransformerFactory used by the org.xmlunit.transform.Transformation class is still configured to load external stylesheets, though.

  For the legacy package XXE prevention has to be enabled via XMLUnit.enableXXEProtection explicitly.

  This is a breaking change and you may need to provide DocumentBuilderFactory or TransformerFactory instances of your own if you need to load external entities.

  The SAXParserFactory and SchemaFactory instances used inside of the validation package have not been changed as their use is likely to require loading of external DTDs or schemas.

  Issue #91.

- the configured NodeFilter is now applied before comparing DocumentType nodes.

  This change breaks backwards compatibility as the old behavior was to ignore DocumentType when counting the children of the Document node but not when actually comparing the DocumentType. Prior to this change, if one document had a document type declaration but the other didn't, a HAS_DOCTYPE_DECLARATION difference was detected; this will no longer be the case now. If you want to detect this difference, you need to use a more lenient NodeFilter than NodeFilters.Default (i.e. NodeFilters.AcceptAll) but then you will see an additional CHILD_NODELIST_LENGTH difference.

  The legacy package has been adapted and will behave as before even when using NewDifferenceEngine.

  Issue #116.

- added a new Source implementation ElementContentWhitespaceStrippedSource which is similar to WhitespaceStrippedSource but only affects text nodes that solely consist of whitespace and doesn't affect any other text nodes. Also added convenience ignoreElementContentWhitespace methods to DiffBuilder and CompareMatcher. Issue #119.
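
The XXE change and the withDocumentBuilderFactory methods above, shown together as an added Java example (not XMLUnit's own code): it builds an OWASP-style hardened DocumentBuilderFactory, checks that a constructed external entity is not loaded, and passes the same factory to HasXPathMatcher. The class name HardenedFactoryExample, the temp-file marker and the exact feature list are assumptions for illustration and are not necessarily the set XMLUnit applies internally; it assumes the JDK's built-in parser plus xmlunit-matchers 2.6.0 and Hamcrest on the classpath.

```java
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xmlunit.matchers.HasXPathMatcher;

public class HardenedFactoryExample {

    // OWASP-style XXE hardening for a JAXP DocumentBuilderFactory.
    // Feature URIs are those understood by the JDK's built-in (Xerces-based) parser.
    static DocumentBuilderFactory hardenedFactory() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a local temp file stands in for an external resource.
        Path marker = Files.createTempFile("xxe-marker", ".txt");
        Files.write(marker, "CONSTRUCTED-MARKER".getBytes(java.nio.charset.StandardCharsets.UTF_8));
        String xml = "<!DOCTYPE doc [<!ENTITY ext SYSTEM \"" + marker.toUri() + "\">]>"
                + "<doc><value>&ext;</value></doc>";

        DocumentBuilderFactory factory = hardenedFactory();
        Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        String value = doc.getDocumentElement().getTextContent();
        // With the hardened factory the external entity content must not appear.
        System.out.println("marker leaked into document: " + value.contains("CONSTRUCTED-MARKER"));

        // Hand the same factory to the matcher via the method added in 2.6.0.
        boolean found = HasXPathMatcher.hasXPath("/doc/value")
                .withDocumentBuilderFactory(factory)
                .matches(xml);
        System.out.println("XPath /doc/value matched: " + found);
        Files.delete(marker);
    }
}
```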