Stefan Bodewig's Weblog

Weblog Main Feeds

• Apache (108)
• D-JUG (1)
• Germany (9)
• Java (8)
• Lisp (1)
• Mac (5)
• Windows (1)
• basketball (3)
• books (1)
• crypto (3)
• dotNet (34)
• edutainment (2)
• games (2)
• geourl (1)
• humor (3)
• malware (9)
• oss (52)
• personal (39)
• ramblings (2)
• rheinjug (2)
• ruhrjug (2)
• unsorted (9)

About Me Homepage Family Articles Talks
My PGP key

Categories Archive

These releases fix a few bugs and introduce smaller new features as well as a completely new experimental module that aims to provide a DSL that controls the diff process inside of the control XML document.

Starting with XMLUnit 2.6.0 all XML parsers are configured according to OWASP recommendations for XML eXternal Entity injection preventions - which means you need to override certain settings if you need to load external entities. This is a change that breaks backwards compatibility - at least in the Java version. If you've been using .NET 4.5.2 or above all configurations have been safe by default anyway.

XXE prevention is not enabled inside of the validation package and XMLUnit for Java's legacy module.

The full list of changes for XMLUnit for Java:

• add a new experimental project xmlunit-placeholders which aims to use ${xmlunit.FOO} expressions inside of the control document to allow for a DSL-like approach of defining more complex tests. This initial seed only supports ${xmlunit.ignore} which can be used to make XMLUnit ignore the element containing this text. PR #105 by @zheng-wang.
• added withDocumentBuilderFactory methods to HasXPathMatcher and EvaluateXPathMatcher to allow explicit configuration of the DocumentBuilderFactory used. Issue #108

• the DocmentBuilderFactory and TransformerFactory instances used by XMLUnit are now configured to not load any external DTDs or parse external entities. They are now configured according to the OWASP recommendations for XML eXternal Entity injection preventions. The TransformerFactory used by the org.xmlunit.transform.Transformation class is still configured to load external stylesheets, though.

  For the legacy package XXE prevention has to be enabled via XMLUnit.enableXXEProtection explicitly.

  This is a breaking change and you may need to provide DocmentBuilderFactory or TransformerFactory instances of your own if you need to load external entities.

  The SAXParserFactory and SchemaFactory instances used inside of the validation package have not been changed as their use is likely to require loading of external DTDs or schemas.

  Issue #91.

• the configured NodeFilter is now applied before comparing DocumentType nodes.

  This change breaks backwards compatibility as the old behavior was to ignore DocumentType when counting the children of the Document node but not when actually comparing the DocumentType. Prior to this change if one document had a document type declaration but the other didn't, a HAS_DOCTYPE_DECLARATION difference was detected, this will no longer be the case now. If you want to detect this difference, you need to use a more lenient NodeFilter than NodeFilters.Default (i.e. NodeFilters.AcceptAll) but then you will see an additional CHILD_NODELIST_LENGTH difference.

  The legacy package has been adapted and will behave as before even when using NewDifferenceEngine.

  Issue #116.

• added a new Source implementation ElementContentWhitespaceStrippedSource which is similar to WhitespaceStrippedSource but only affects text nodes that solely consist of whitespace and doesn't affect any other text nodes. Also added convenience ignoreElementContentWhitespace methods to DiffBuilder and CompareMatcher. Issue #119.

The full list of changes for XMLUnit.NET:

• add a new experimental module xmlunit-placeholders which aims to use ${xmlunit.FOO} expressions inside of the control document to allow for a DSL-like approach of defining more complex tests. This initial seed only supports ${xmlunit.ignore} which can be used to make XMLUnit ignore the element containing this text.
• fixed the message when CompareConstraint or ValidationConstraints (both NUnit 2.x and 3.x) as well as EvaluateXPathConstraint or HasXPathConstraint (only the NUnit 3.x versions) pass but the assertion fails because the constraint itself was wrapped in a Not constraint.
• the NUnit 3.x EvaluateXPathConstraint failed to resolve the nested constraint, leading to erroneous messages if the assertion failed. Issue #25

• the XmlDocument instances used internally in Convert and Transformation now get their XmlResolver property set to null by default - which happens to be the default value of .NET 4.5.2 and later anyway. This is in accordance with the OWASP recommendations for XML eXternal Entity injection preventions.

  This may be a breaking change and you may need to provide an explicit XmlResolver instance of your own if you need to load external entities.

  Issue #27.

• added a new ISource implementation ElementContentWhitespaceStrippedSource which is similar to WhitespaceStrippedSource but only affects text nodes that solely consist of whitespace and doesn't affect any other text nodes. Also added convenience IgnoreElementContentWhitespace methods to DiffBuilder and CompareConstraint. Issue similar to xmlunit/#119.

• the configured NodeFilter is now applied before comparing XmlDocumentType nodes.

  This change breaks backwards compatibility as the old behavior was to ignore XmlDocumentType when counting the children of the XmlDocument node but not when actually comparing the XmlDocumentType. Prior to this change if one document had a document type declaration but the other didn't, a HAS_DOCTYPE_DECLARATION difference was detected, this will no longer be the case now. If you want to detect this difference, you need to use a more lenient NodeFilter than NodeFilters.Default (i.e. NodeFilters.AcceptAll) but then you will see an additional CHILD_NODELIST_LENGTH difference.

  Issue #26.

path: /en/oss/XMLUnit | #

• oss
• XMLUnit

Last Monday I atended the FOSS Backstage Micro-Summit and enjoyed it at a lot. I haven't been to ApacheCons for quite some time and it was good to see familiar faces and get to know so many new folks.

The slides of my talk are on Speaker Deck but I'm afraid they aren't that useful without the things I actually said.

Update 2017-12-01: video of the talk without the Q&A session that followed it.

path: /en/Apache/Ant | #

• Apache
• Ant

Next Monday I'm going to talk about some lessons learned during the seventeen years I've so far enjoyed being part of the Ant community at the FOSS Backstage Micro-Summit in Berlin.

path: /en/Apache/Ant | #

• Apache
• Ant

this release fixes a bug in CompareMatcher that could throw a NoSuchElementException when combined with other hamcrest matchers.

The full list of changes for XMLUnit for Java

• Made Travis build work with OpenJDK6 again. PR #101 by @PascalSchumacher.
• CompareMatcher's describeTo method threw an exception if the comparison yielded no differences. Issue #107.

path: /en/oss/XMLUnit | #

• oss
• XMLUnit

this release fixes a serious bug in the difference engine when documents only differ in namespace prefix.

The full list of changes for XMLUnit.NET:

• elements that only differed in namespace prefix resulted in a false `ELEMENT_TAG_NAME` difference when compared. Issue #22

path: /en/oss/XMLUnit | #

• oss
• XMLUnit