Bump org.eclipse.rdf4j:rdf4j-bom from 5.3.1 to 5.3.2 #2659

Merged: acoburn merged 1 commit into main from dependabot/maven/org.eclipse.rdf4j-rdf4j-bom-5.3.2 on Jun 29, 2026
dependabot[bot] commented on behalf of github on Jun 29, 2026

Bumps org.eclipse.rdf4j:rdf4j-bom from 5.3.1 to 5.3.2.

Release notes

Sourced from org.eclipse.rdf4j:rdf4j-bom's releases.

RDF4J 5.3.2 is now available. This is a patch release fixing 2 issues, including a security fix for XML parsing.

The security fix is a follow-up to CVE-2018-1000644. Several XML parser entry points were not covered by the earlier fix and could still allow XML External Entity (XXE) style processing in some configurations. RDF4J 5.3.2 hardens these paths so DOCTYPE declarations, external entities, and external DTD loading are rejected or disabled by default.

We recommend that users who parse untrusted XML-based RDF4J data or query results upgrade to this release.

For more details, have a look at the release notes.
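
A regression check a consumer of this bump could run against the resolved RDF4J version, added here as an example; it is not part of the PR, the release notes, or RDF4J. The release notes do not name the affected entry points, so the RDF/XML Rio parser, the class name and the canary file are assumptions for illustration (Java 17 syntax).

```java
// Added example: not code from RDF4J or from this repository.
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.Path;
import org.eclipse.rdf4j.model.Model;
import org.eclipse.rdf4j.model.impl.LinkedHashModel;
import org.eclipse.rdf4j.rio.RDFFormat;
import org.eclipse.rdf4j.rio.RDFParser;
import org.eclipse.rdf4j.rio.Rio;
import org.eclipse.rdf4j.rio.helpers.StatementCollector;

public class XmlEntityRegressionCheck {
    /** Returns true when canary content reached the parsed model. */
    static boolean canaryLeaks(RDFFormat format, String document, String canary) {
        Model model = new LinkedHashModel();
        RDFParser parser = Rio.createParser(format);
        parser.setRDFHandler(new StatementCollector(model));
        try {
            parser.parse(new StringReader(document), "http://example.org/");
        } catch (Exception e) {
            // Rejecting the DOCTYPE outright is an acceptable outcome.
            System.out.println("parser rejected input: " + e.getMessage());
        }
        return model.stream().anyMatch(st -> st.getObject().stringValue().contains(canary));
    }

    public static void main(String[] args) throws Exception {
        // Constructed canary file; its content must never show up in a literal.
        String canary = "canary-" + System.nanoTime();
        Path file = Files.createTempFile("rdf4j-entity-check", ".txt");
        Files.writeString(file, canary);
        // Constructed RDF/XML input that declares an external entity.
        String doc = """
                <?xml version="1.0"?>
                <!DOCTYPE rdf:RDF [ <!ENTITY ext SYSTEM "%s"> ]>
                <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
                         xmlns:ex="http://example.org/">
                  <rdf:Description rdf:about="http://example.org/s">
                    <ex:p>&ext;</ex:p>
                  </rdf:Description>
                </rdf:RDF>
                """.formatted(file.toUri());
        boolean leaked = canaryLeaks(RDFFormat.RDFXML, doc, canary);
        Files.deleteIfExists(file);
        if (leaked) {
            throw new AssertionError("external entity was resolved; check the resolved rdf4j version");
        }
        System.out.println("OK: external entity content did not reach the model");
    }
}
```

The check passes on either outcome the release notes describe: the parser rejects the DOCTYPE, or it parses without resolving the entity.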


dependabot[bot] added the dependencies and java labels on Jun 29, 2026
dependabot[bot] requested a review from a team as a code owner on June 29, 2026 21:05
acoburn enabled auto-merge (squash) on June 29, 2026 23:09
Bumps [org.eclipse.rdf4j:rdf4j-bom](https://github.com/eclipse/rdf4j) from 5.3.1 to 5.3.2.
- [Release notes](https://github.com/eclipse/rdf4j/releases)
- [Commits](eclipse-rdf4j/rdf4j@5.3.1...5.3.2)

---
updated-dependencies:
- dependency-name: org.eclipse.rdf4j:rdf4j-bom
  dependency-version: 5.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] force-pushed the dependabot/maven/org.eclipse.rdf4j-rdf4j-bom-5.3.2 branch from 716846a to c278a3c on June 29, 2026 23:10
acoburn merged commit 081a501 into main on Jun 29, 2026
7 checks passed
acoburn deleted the dependabot/maven/org.eclipse.rdf4j-rdf4j-bom-5.3.2 branch on June 29, 2026 23:16