Dom4J Release Notes
Complete Changelog for NES for Dom4J
2 Patched Vulnerabilities
Dom4J
1.6.2 (NES) - February 27, 2025
Notes
- This release originates from the open‑source Dom4J project forked by HeroDevs. It encompasses modifications implemented by HeroDevs to ensure successful framework builds.
Bug Fixes
This release patches the following:
- CVE-2020-10683: dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks.
- CVE-2018-1000632: dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection.
Full Version: 1.6.1-dom4j-1.6.2