25 Oct 2022: Version 1.16 Released
This is mainly a bug fix release, including 2 security fixes
22 Sept 2022: Version 1.15 Released
This is mainly a bug fix release, including 3 security fixes
From the Batik CHANGES file:
1.16
----
Java 8 or later is minimum runtime required
BATIK-1338: Block loading jar inside svg
BATIK-1345: Restrict what java classes can be run thru rhino
1.14 -> 1.15
------------
BATIK-1260: Java 11 module error
BATIK-1321: Remove Xerces
BATIK-1299: Batik-all jar has all classes so should not pull other jars also
BATIK-1329: Remove xalan
BATIK-1331: Jar url should be blocked by DefaultExternalResourceSecurity
BATIK-1333: Block external resource before calling fop
BATIK-1335: Jar url should be blocked by DefaultScriptSecurity
pcdavid
commented
1 year ago
Orbit has moved to 1.15 and then 1.16.
Both versions fix security issues:
From the Batik
CHANGESfile: