[ANNOUNCEMENT] CSS4J 1.0.8

[admin]

Release 1.0.8 is now available for download from the usual sites, see:

https://css4j.github.io/#downloads

Release Highlights

• If you use this library's SAC/NSAC parser, you now have resource limits: style sheets are limited to 100MB (this can be changed at the NSAC level) and DTDs (only those directly parsed by this library: ContentModel and EntityFinder) to 1MB. Once the limit is hit, a SecurityException is thrown.
• The DefaultEntityResolver was further security-hardened.
• A few bug fixes in shorthands and serialization of attribute selectors.
• The javadocs no longer include the uparser package, which is not exported by the library.
• To allow usage from Java 7 or 8, the javadocs include a package-list file built with an improved version of the javadoc-packagelist-maven-plugin.
• Both the unit tests and the build process are a bit more Windows-friendly.
  

As always, all users are encouraged to upgrade to 2.1. This new 1.0 release is only intended to deliver bug fixes and additional security protections to 1.0 users that could not upgrade yet.