™RDF4J 5.3.2 is now available. This is a patch release fixing 2 issues, including a security fix for XML parsing.
The security fix is a follow-up to CVE-2018-1000644. Several XML parser entry points were not covered by the earlier fix and could still allow XML External Entity (XXE) style processing in some configurations. RDF4J 5.3.2 hardens these paths so DOCTYPE declarations, external entities, and external DTD loading are rejected or disabled by default.
We recommend that users who parse untrusted XML-based RDF4J data or query results upgrade to this release.
For more details, have a look at the release notes.
Eclipse RDF4J™ is a powerful Java framework for processing and handling RDF data. This includes creating, parsing, scalable storage, reasoning and querying with RDF and Linked Data. It offers an easy-to-use API that can be connected to all leading RDF database solutions. It allows you to connect with SPARQL endpoints and create applications that leverage the power of linked data and Semantic Web.
