Affects Version/s: None
Changelog from https://github.com/rometools/rome/blob/master/README.md :
Upgrade of JDOM to version 2.0.5
Maven plugin and dependency updates
Support for allowing Doctype declarations in rome-fetcher
solved an XML bomb vulnerability
Important note: due to the security fix ROME now forbids all Doctype declarations by default. This will break compatibility with RSS 0.91 Netscape because it requires a Doctype declaration. When you experience problems you have to activate the property allowDoctypes on the SyndFeedInput object. You should only use this possibility when the feeds that you process are absolutely trustful.
Spring-framework has already upgraded to 1.6.0 in the following commit: