jsoup 1.22.1 is out now, adding support for the re2j regular expression engine for regex-based CSS selectors, a configurable maximum parser depth, and numerous bug fixes and improvements.

jsoup is a Java library for working with real-world HTML and XML. It provides a very convenient API for extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors.

Download jsoup now.

• Added support for using the re2j regular expression engine for regex-based CSS selectors (e.g. [attr~=regex], :matches(regex)), which ensures linear-time performance for regex evaluation. This allows safer handling of arbitrary user-supplied query regexes. To enable, add the com.google.re2j dependency to your classpath, e.g.:

  <dependency>
    <groupId>com.google.re2j</groupId>
    <artifactId>re2j</artifactId>
    <version>1.8</version>
  </dependency>

(If you already have that dependency in your classpath, but you want to keep using the Java regex engine, you can disable re2j via System.setProperty("jsoup.useRe2j", "false").) You can confirm that the re2j engine has been enabled correctly by calling Regex.usingRe2j(). #2407

• Added an instance method Parser#unescape(String, boolean) that unescapes HTML entities using the parser's configuration (e.g. to support error tracking), complementing the existing static utility Parser.unescapeEntities(String, boolean). #2396
• Added a configurable maximum parser depth (to limit the number of open elements on stack) to both HTML and XML parsers. The HTML parser now defaults to a depth of 512 to match browser behavior, and protect against unbounded stack growth, while the XML parser keeps unlimited depth by default, but can opt into a limit via Parser.setMaxDepth(). #2421
• Build: added CI coverage for JDK 25 #2403
• Build: added a CI fuzzer for contextual fragment parsing (in addition to existing full body HTML and XML fuzzers). oss-fuzz #14041

• Set a removal schedule of jsoup 1.24.1 for previously deprecated APIs.

• Previously cached child Elements of an Element were not correctly invalidated in Node#replaceWith(Node), which could lead to incorrect results when subsequently calling Element#children(). #2391
• Attribute selector values are now compared literally without trimming. Previously, jsoup trimmed whitespace from selector values and from element attribute values, which could cause mismatches with browser behavior (e.g. [attr=" foo "]). Now matches align with the CSS specification and browser engines. #2380
• When using the JDK HttpClient, any system default proxy (ProxySelector.getDefault()) was ignored. Now, the system proxy is used if a per-request proxy is not set. #2388, #2390
• A ValidationException could be thrown in the adoption agency algorithm with particularly broken input. Now logged as a parse error. #2393
• Null characters in the HTML body were not consistently removed; and in foreign content were not correctly replaced. #2395
• An IndexOutOfBoundsException could be thrown when parsing a body fragment with crafted input. Now logged as a parse error. #2397, #2406
• When using StructuralEvaluators (e.g., a parent child selector) across many retained threads, their memoized results could also be retained, increasing memory use. These results are now cleared immediately after use, reducing overall memory consumption. #2411
• Cloning a Parser now preserves any custom TagSet applied to the parser. #2422, #2423
• Custom tags marked as Tag.Void now parse and serialize like the built-in void elements: they no longer consume following content, and the XML serializer emits the expected self-closing form. #2425
• The <br> element is once again classified as an inline tag (Tag.isBlock() == false), matching common developer expectations and its role as phrasing content in HTML, while pretty-printing and text extraction continue to treat it as a line break in the rendered output. #2387, #2439
• Fixed an intermittent truncation issue when fetching and parsing remote documents via Jsoup.connect(url).get(). On responses without a charset header, the initial charset sniff could sometimes (depending on buffering / available() behavior) be mistaken for end-of-stream and a partial parse reused, dropping trailing content. #2448
• TagSet copies no longer mutate their template during lazy lookups, preventing cross-thread ConcurrentModificationException when parsing with shared sessions. #2453
• Fixed parsing of <svg> foreignObject content nested within a <p>, which could incorrectly move the HTML subtree outside the SVG. #2452

• Deprecated internal helper org.jsoup.internal.Functions (for removal in v1.23.1). This was previously used to support older Android API levels without full java.util.function coverage; jsoup now requires core library desugaring so this indirection is no longer necessary. #2412

My sincere thanks to everyone who contributed to this release! If you have any suggestions for the next release, I would love to hear them; please get in touch via jsoup discussions, or with me directly.

You can also follow me (@jhy@tilde.zone) on Mastodon / Fediverse to receive occasional notes about jsoup releases.

• c39a0b2: [rust] fix support for Edge beta versions on Windows (#16806) (Titus Fortner) #16806
• 7ea3aad: [py] Bump versions and remove unnecessary dev/test dependencies (#16820) (Corey Goldberg) #16820
• f3be951: remove docker deploy code (#16822) (Titus Fortner) #16822
• 13af249: [py] Fix type annotations, make docstrings consistent, centralize dev dependencies (#16821) (Corey Goldberg) #16821

Full Changelog: https://github.com/Activiti/Activiti/compare/7.20.0-rc.892...7.20.0-rc.893

• 5b10f14: [dotnet][rb][java][js][py] Automated Browser Version Update (#16810) (Selenium CI Bot) #16810
• 4e3e8cb: [js] fix JS tests on RBE (#16777) (Titus Fortner) #16777
• 3713943: [py] Remove deprecated FirefoxBinary class (#16811) (Corey Goldberg) #16811
• 9536be6: [build] limit what check job pulls in (#16815) (Titus Fortner) #16815

Full Changelog: https://github.com/Activiti/Activiti/compare/7.20.0-rc.891...7.20.0-rc.892

• Upgrade baseline to Spring Framework 7 and Spring Boot 4
• Update test infrastructure to JUnit 6
• Add support for jSpecify annotations #1184
• Redesign command programming model #1206 #1158
• Redesign test utilities and APIs
• Add number input type #849
• Add mandatory flag to string input #844
• Introduce new command builder DSL #1211
• Add support to print annotated method result to the standard output
• Add debug mode

• Improve command error message by including offending group name #291
• Improve error reporting in InteractiveShellRunner implementations
• Simplify availability provider configuration by using a new attribute in the Command annotation instead of a separate annotation

• Reactor 3.8.1
• Spring Framework 7.0.2
• Spring Boot 4.0.1
• jLine: 3.30.6
• st4: 4.3.4

• Update documentation with new annotations #1172
• Update getting started guide with new annotations #1171
• Add sample Shell application for Spring Petclinic
• Update Antora resources
• Refine reference documentation: e3cb93791dfa95191cdccae10a2716816b56d890
• Attach Javadocs to Antora

• Remove Spring Boot dependencies from core module #200
• Remove JLine dependency from core module
• Remove compile time dependency to slf4j #1214
• Remove dependency to commons-io #1215
• Move core APIs under a dedicated named package
• Move core commands from spring-shell-standard to the core module #1212
• Add spring code formatting plugin to the build #1185
• Update build tool to Maven
• Update release process to use Spring IO GitHub Actions
• Move built-in commands to the main command package
• Remove unused APIs
• Remove unused Spring Boot properties

Many thanks to all contributors who worked on this release! @piotrooo @czpilar @PabloMartinez01 @jphughes88 @nhomble @Nico-DF

Full Changelog: https://github.com/spring-projects/spring-shell/compare/v3.4.1...v4.0.0

Feature - Local cached Spring Session implemented
Feature - Hibernate 7.2 module added
Feature - support for Instant-based expiration in RMapCacheNative (thanks @bandalgomsu)
Feature - claim() method added to StreamMultiReadGroupArgs and StreamReadGroupArgs for RStream object
Feature - RBucket.getDigest() method added
Feature - extended RBucket.compareAndSet() method added
Feature - RBucket.compareAndDelete() method added
Feature - RMapCacheNative.putIfExists() methods added with ttl and time arguments
Feature - RBuckets.setIfAllKeysExist() method added (thanks to @seakider)
Feature - RBuckets.setIfAllKeysAbsent() method added (thanks to @seakider)
Feature - RMapCacheNative.putIfAllKeysExist() method added
Feature - RMapCacheNative.putIfAllKeysAbsent() method added
Feature - extended RMapCacheNative.putAll() method added
Feature - JsonJackson3Codec and TypedJsonJackson3Codec codecs added
Feature - RSearch.hybridSearch() method added

Breaking change - Spring Cache implementation moved to redisson-spring-cache/redisson-spring module (thanks to @seakider)
Breaking change - Spring Transaction implementation moved to redisson-spring-transaction/redisson-spring module (thanks to @seakider)
Breaking change - FstCodec, FuryCodec, MarshallingCodec, SnappyCodec deprecated codecs have been removed

Improvement - redisson-spring-data is a sub-module of redisson-spring module
Improvement - redisson-spring-boot-starter is a sub-module of redisson-spring
Improvement - redisson-spring-cloud-stream-binder is a sub-module of redisson-spring

Fixed - Spring Data Redis ttl() method returns 0 instead of -1 when TimeUnit.SECONDS is used (thanks to @seakider)
Fixed - incorrect delay calculations by EqualJitterDelay and FullJitterDelay after 57 attempts
Fixed - Kryo5Codec fails sometimes if allowedClasses specified
Fixed - PendingEntry.lastTimeDelivered renamed to deliveryCount
Fixed - REDIRECT response handling
Fixed - Spring Boot attempts to start JCache instance
Fixed - LEAK: ByteBuf.release() was not called before it's garbage-collected after redirect handling (thanks to @seakider)

Full Changelog: https://github.com/Activiti/Activiti/compare/7.20.0-rc.890...7.20.0-rc.891

• 83ad5f8: [py][bidi]: improve tests to use local no-proxy server (#16747) (Navin Chandra) #16747
• 9764676: [py][bidi]: add emulation command set_network_conditions (#16702) (Navin Chandra) #16702
• f2002fc: [dotnet][java][py][rb][rust] Only use External Cache for GitHub Actions (#16788) (Titus Fortner) #16788
• 88273fd: [py] Add new ruff lint rules, fix violations and type annotations (#16789) (Corey Goldberg) #16789
• 58736b2: [build] fix permissions for update-documentation (Titus Fortner)
• 01200af: [java] Be more tolerant to remote responses (#16797) (Andrei Solntsev) #16797
• d2de0b2: [py] pin python versions to specific patches (#16795) (Titus Fortner) #16795
• d867b37: [java] Fix asserts for maps and sets (#16808) (Andrei Solntsev) #16808

Full Changelog: https://github.com/Activiti/Activiti/compare/7.20.0-rc.889...7.20.0-rc.890