From a6f11c22abdcb24f2e0fe34eff0791bad6e58fe0 Mon Sep 17 00:00:00 2001 From: Carlos Amengual Date: Thu, 22 Oct 2020 18:46:50 +0200 Subject: [PATCH] Release Notes for 1.1. --- RELEASE_NOTES.txt | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/RELEASE_NOTES.txt b/RELEASE_NOTES.txt index f9556c2..d33e668 100644 --- a/RELEASE_NOTES.txt +++ b/RELEASE_NOTES.txt @@ -2,22 +2,34 @@ CSS4J RELEASE NOTES =================== -Release 1.0.9 - October 11, 2020 [This release is EOL and not formally supported] ---------------------------------------------------------------------------------- +Release 1.1.0 - October 22, 2020 +-------------------------------- Release Highlights ------------------ This release backports a few 3.x improvements to the 1.x branch, although users -should upgrade to 2.1 or later as soon as possible (1.x is not formally -maintained anymore). When upgrading, please keep in mind that 2 and 3.x releases -require Java 8 or higher. +should upgrade to 3.1 or later as soon as possible. When upgrading, please keep +in mind that 2 and 3.x releases require Java 8 or higher. + + Notable changes: + + - Previous versions are vulnerable to DoS attacks, and the new protections use + the new CSSDocument.isAuthorizedOrigin(URL) method. + - The method ErrorHandler.hasErrors() now returns true if there are I/O errors. + Those errors were previously considered transient, and therefore weren't + appearing there. + - On attribute nodes, getTextContent() now returns the attribute value instead + of the empty string. + + These new behaviors mean that this release is not fully backwards-compatible +with 1.0, so the minor version was bumped to 1.1. BUGS ---- The 1.x branch has known bugs, and most of them are considered as too difficult to fix with the 1.x API. If you keep using 1.x instead of the latest version -(currently 2.1), you acknowledge that the 1.x software has more bugs, is less +(currently 3.1), you acknowledge that the 1.x software has more bugs, is less compliant with the specifications and has less protection against security vulnerabilities.