rome/README.md

# ROME

ROME is a set of RSS and Atom Utilities for Java. It makes it easy to work in Java with most syndication formats: RSS 0.90, RSS 0.91 Netscape, 
RSS 0.91 Userland, RSS 0.92, RSS 0.93, RSS 0.94, RSS 1.0, RSS 2.0, Atom 0.3, Atom 1.0

More Information: http://rometools.github.io/rome/

## Changelog

### 1.5.1

- solved an [XML bomb](https://en.wikipedia.org/wiki/Billion_laughs) vulnerability

Important note: due to the security fix ROME now forbids all Doctype declarations by default. This will break compatibility with RSS 0.91 Netscape
because it requires a Doctype declaration. When you experience problems you have to activate the property **allowDoctypes** on the SyndFeedInput object. You 
should only use this possibility when the feeds that you process are absolutely trustful.

### 1.5.0

- many (untracked) enhancements
- code cleanup
- renamed packages (was required to be able to push to Maven Central after years again)
- updated sourcecode to Java 1.6

### Prior to 1.5.0

- see [http://rometools.github.io/rome/ROMEReleases](http://rometools.github.io/rome/ROMEReleases)
Added build status for all ROME projects 2014-04-17 23:29:07 +02:00			`# ROME`
merged site, maven site config from test repo and some urls fixed 2013-09-25 22:00:14 +02:00
Added build status for all ROME projects 2014-04-17 23:29:07 +02:00			`ROME is a set of RSS and Atom Utilities for Java. It makes it easy to work in Java with most syndication formats: RSS 0.90, RSS 0.91 Netscape,`
			`RSS 0.91 Userland, RSS 0.92, RSS 0.93, RSS 0.94, RSS 1.0, RSS 2.0, Atom 0.3, Atom 1.0`
merged site, maven site config from test repo and some urls fixed 2013-09-25 22:00:14 +02:00
maven site and config 2013-09-27 00:13:57 +02:00			`More Information: http://rometools.github.io/rome/`
Added build status for all ROME projects 2014-04-17 23:29:07 +02:00
Fixed #203 - XML bomb vulnerability The current configuration of the SAXParser is vulnerable for an XML bomb attack. The feature "http://apache.org/xml/features/disallow-doctype-decl" of the SAXBuilder must be activated in order to fix the vulnerability. 2015-06-27 08:53:00 +02:00			`## Changelog`

			`### 1.5.1`

			`- solved an [XML bomb](https://en.wikipedia.org/wiki/Billion_laughs) vulnerability`

			`Important note: due to the security fix ROME now forbids all Doctype declarations by default. This will break compatibility with RSS 0.91 Netscape`
			`because it requires a Doctype declaration. When you experience problems you have to activate the property allowDoctypes on the SyndFeedInput object. You`
			`should only use this possibility when the feeds that you process are absolutely trustful.`

			`### 1.5.0`

			`- many (untracked) enhancements`
			`- code cleanup`
			`- renamed packages (was required to be able to push to Maven Central after years again)`
			`- updated sourcecode to Java 1.6`

			`### Prior to 1.5.0`

			`- see [http://rometools.github.io/rome/ROMEReleases](http://rometools.github.io/rome/ROMEReleases)`