css4j v1.0.9

This release backports a few 3.x improvements to the 1.x branch, although users should upgrade to 2.1 or later as soon as possible (1.x is not formally maintained anymore). When upgrading, please keep in mind that 2 and 3.x releases require Java 8 or higher.

This release adds SVG 1.1 DTD support to DefaultEntityResolver, and provides a few DOM fixes.

HEADS UP: In css4-dom4j, the text content of <style> elements is updated with the serialization of the contained style sheet, when calling normalize() on it. Perhaps this should have caused the release to be labeled as "1.1", hopefully there are no downstream regressions because of that.

css4j v3.0.0

Three modules were split out from the css4j module in 2.x: tokenproducer, carte-util and xml-dtd. This should give more flexibility to developers that only want one of them (or want to use css4j without xml-dtd).

Now you can use finer-grained modules, but if you used css4j together with DTD classes, in Maven you now need to specify the xml-dtd module separately, like:

    <dependency>
		<groupId>io.sf.carte</groupId>
		<artifactId>xml-dtd</artifactId>
		<version>${css4j.version}</version>
		<type>jar</type>
		<scope>compile</scope>
		<optional>false</optional>
    </dependency>
    <dependency>
		<groupId>io.sf.carte</groupId>
		<artifactId>css4j</artifactId>
		<version>${css4j.version}</version>
		<type>jar</type>
		<scope>compile</scope>
		<optional>false</optional>
    </dependency>

css4j v2.1.1

Bug fixes, and the SVG 1.1 DTD is now built into DefaultEntityResolver.

css4j v2.0.6

Bug fixes.

css4j v2.1.0

This release features the following (compared to 2.0):

• NSAC 2.1.
• Support for empty custom properties (--foo:;).
• env() is now processed in computed values.
• The parsing is a bit more Windows-friendly. Previous versions produced different whitespaces when parsing custom CSS rules for Windows and Unix; that was enough to break some unit tests on Windows.

css4j v1.0.8

Version 1.0.8 introduces resource limits: if one uses this library's own SAC/NSAC implementation, style sheets are now limited to 100MB (this can be configured at CSSParser) and DTDs (only those directly parsed by this library: ContentModel and EntityFinder) to 1MB.

Once the limit is hit, a SecurityException is thrown.

css4j v2.0.5

Fixes a DoS vulnerability in var() substitution if untrusted CSS is used to compute styles.

css4j v1.0.7

All 1.0 users must upgrade at least to this release (or even better, to 2.0 or later).

css4j v2.0.4

Bug fixes.

css4j v1.0.6

Latest bugfixes backported from supported branches.