These releases fix a few bugs and introduce smaller new features as well as a completely new experimental module that aims to provide a DSL that controls the diff process inside of the control XML document.

Starting with XMLUnit 2.6.0 all XML parsers are configured according to OWASP recommendations for XML eXternal Entity injection preventions - which means you need to override certain settings if you need to load external entities. This is a change that breaks backwards compatibility - at least in the Java version. If you've been using .NET 4.5.2 or above all configurations have been safe by default anyway.

XXE prevention is not enabled inside of the validation package and XMLUnit for Java's legacy module.

The full list of changes for XMLUnit for Java:

The full list of changes for XMLUnit.NET:

path: /en/oss/XMLUnit | #