Version 0.3.1

Highlights

Level 4 colors and Level 5 color-mix()

This library already admitted Level 4 colors and Level 5 color-mix() if one used the CSSTranscodingHelper, but now those color values are natively processed. However, for now only the sRGB color gamut is supported; if a color happens to be out of that gamut, it is clamped.

More tolerance to errors

Whenever a user agent encounters errors in an SVG document, according to the specification, it is supposed to continue processing the document until the end:

The document rendering shall continue after encountering element which has an error. The element or its part that is in error won't be rendered.

Apache Batik stops processing whenever it finds an error, including perfectly valid (but unsupported) CSS, a behavior which is non-conformant. EchoSVG was already doing better because it ignored unsupported rules as well as CSS errors, but in previous versions the errors in CSS values continued to be a problem (although it was possible to bypass it using the CSS Helper). Now this library finally ignores CSS value errors, as well as missing element references.

Thanks to the changes shipped in this release, EchoSVG can now render this file, that was deliberately filled with reference errors, with more reliability than the big web browsers. The next image is the render by EchoSVG:

Apache Batik fails to render, while Inkscape produced this:

Firefox does much better, but still not as good as EchoSVG:

Google Chrome produces essentially the same image as Firefox.

If you are hit by a case where EchoSVG's error handling is non-conformant, please open an issue.

Support the namespaceless href attribute of SVG2

This helps a lot when processing modern SVG documents, see https://svgwg.org/svg2-draft/linking.html#XLinkRefAttrs

Currently, xlink:href is checked first, and if nothing is found then href is used. This behaviour could be reversed (to check href first) if in the future it is considered more conformant.

Bug fixes and performance improvements

A few important bugs have been fixed, please read the list of changes for details.

Detail of changes

• awt: statically evaluate isColorConvertOpAplhaSupported. [BATIK-1354]
• bridge: be tolerant to missing references. #80
• css: do not stop CSS processing when an unknown or wrong value is found. #78
• css: support Level 4 CSS Color (and Level 5 color-mix()) values in sRGB gamut. #77
• css: fix NPE in CSSEngine when the document has no documentURI.
• dom: support the namespaceless href attribute of SVG2.
• dom: support surrogate characters.
• gvt: fix race conditions in AWTGlyphGeometryCache (includes BATIK-1271).
• gvt: fix SVG to PNG Rendering due to missing Arabic characters from the map. Based on patch by Paritosh Chauhan [BATIK-1355]
• transcoder: add methods to transcode from a TranscoderInput and a Document instance using the Helper.
• transcoder: do not overwrite the error handler in the CSSTranscodingHelper.
• Tests: make less verbose the rendering tests that expect errors.
• README: a more informative introduction.
• README: add a section about OWASP Dependency Check.
• SECURITY: how to report a vulnerability.
• Add a section about security scanners to SECURITY.md.
• Improve code style section in CONTRIBUTING.md.
• Gradle: add OWASP's org.owasp.dependencycheck plugin.
• Bump org.junit.jupiter:junit-jupiter from 5.9.2 to 5.9.3
• Upgrade Gradle wrapper to 8.1.1
• Upgrade to GrGit 5.2.0
• Upgrade to extra-java-module-info 1.4.1

Version 0.3

Highlights

Configure the encoding in TranscoderInput

One annoyance of TranscoderInput was that you could not set a specific encoding (even the tests relied on the JVM's default encoding), but in EchoSVG it has gained get/setEncoding methods. See #72 and #73 for more details.

XPath support now comes from JDK

This allowed the removal of the EchoXSL Xalan fork. Patches from the Apache Batik project written by S. Steiner were used.

Security improvements

The security model was improved, this was point 3) of issue #41. Work based on patches from the Apache Batik project.

If the security restrictions have become too strict for your use case, please open an issue or a discussion.

Also, a SECURITY.md file was created (point 4 of #41).

Module dependency cleanup

A few modules were being carried transitively when there was no need for that.

Detail of changes

• Improve the security model
• dom,anim: add InputStream+encoding method variant to DocumentFactory.
• transcoder,anim,dom: add encoding support to TranscoderInput.
• anim: throw an IllegalArgumentException on root mismatch in SAXSVGDocumentFactory.
• bridge: avoid NPE when using non-PX units in an element.
• Use default implementations for the deprecated getPixelToMM() method (#59)
• Use JDK's XPath support #76 (ported from: BATIK-1329: Remove xalan)
• Module dependency cleanup
• Do not assume that GRADLE_USER_HOME is inside user.home in policy files.
• Tests: convert tests to JUnit 5.
• Tests: fix a few null-empty string inconsistencies in OnLoad tests.
• Upgrade to css4j 4.0.1 and xml-dtd 4.2.
• Upgrade to JMH 1.36
• Upgrade Gradle wrapper to 8.1.
• Upgrade to extra-java-module-info 1.3
• .gitattributes: set Unix line endings
• Ignore the jar directory in git

EchoSVG 0.2.2

Highlights

Change antialiasing default in SVGClipPathElementBridge

There are complaints about Batik producing low quality images (with strong aliasing) in some downstream applications (see rototor/pdfbox-graphics2d#30 (comment) and also #53).

Anti-aliasing is enabled by default in normal configurations and all the tested code paths, but there was a single individual class where anti-aliasing was off by default: SVGClipPathElementBridge. The default is now changed, which hopefully should help those users.

No classes with anti-aliasing disabled by default are left.

Simplify the usage of XMLReader in DocumentFactory

See #71.

Allow SVG embedded into XHTML in XMLAbstractTranscoder

See #69.

Check for the correct SVGDOM implementation version in XML transcoding

See #68.

Detail of changes

• bridge: default to antialiasing in SVGClipPathElementBridge. May fix #53
• transcoder: allow SVG embedded into XHTML in XMLAbstractTranscoder. #69
• transcoder: check for the correct SVGDOM implementation version in XML transcoding. #68
• transcoder: accurate computation of stringWidth in CSSTranscodingHelper.
• transcoder: adjust visibility of non-public types that were being referenced by SVGTranscoder public fields.
• dom: deprecate XMLReader variant of DocumentFactory.createDocument, add setXMLReader. #71
• Small javadoc fixes.
• Make sure that LICENSE and NOTICE in Jar files have Windows line endings
• Upgrade to css4j 3.9.0
• Upgrade to xml-dtd 4.1.1
• Upgrade to xmlgraphics-commons 2.8
• Upgrade to EchoXSL 2.7.3.1
• Upgrade to extra-java-module-info 1.1
• Upgrade Gradle wrapper to 7.6

EchoSVG 0.2.1

Highlights

New transcoding helper class

Thanks to the new CSSTranscodingHelper it is possible to render SVG images that use modern CSS, even if they are a fragment of an HTML document.

See the CSSTranscodingHelper wiki page.

Support for the transparent color identifier

Now transparent can be used as a color.

getPixelToMM() and getPixelToMillimeter() deprecated for removal

They should have been removed years ago, see #59.

Other minor fixes

For example the SVG version of the "broken link" image now works (although visually needs improvements), and the KEY_ALLOWED_SCRIPT_TYPES hint is now processed correctly.

Detail of changes

• Deprecate getPixelToMM() and getPixelToMillimeter() for removal (#59).
• Support the transparent color identifier.
• awt: remove commented code from ImageTagRegistry.
• bridge: initial fix to SVGBrokenLinkProvider. (#52)
• css: accept display: inline-block as valid CSS.
• css: do not stop processing when finding a custom property.
• css: ignore rules that are not supported instead of stopping processing.
• css: add a constructor with initial capacity in StringMap.
• gvt: remove unreachable conditional blocks.
• svg-dom: fix relative move after path closure in getNormalizedPathSegList (#50)
• transcoder: add a CSS rendering helper utility.
• transcoder: provide the old PNGRegistryEntry in module-info.
• transcoder: correctly parse the KEY_ALLOWED_SCRIPT_TYPES hint (#56)
• transcoder: reorder the module-info exports and requires.
• util: add method Platform.isOSX(), deprecate public field isOSX (#51)
• Use try-with-resources in several places.
• Tests: explicitly set SVG version in samples that are not compatible with 1.2
• Tests: use SVG 1.1 DTD instead of 1.0 in some 1.2 sample files.
• Tests: new normalizedPathSegList test.
• Tests: anim: add a test for getNormalizedPathSegList(), see #50
• Tests: fix non-conformant font-size style declarations in test files.
• Tests: split the ECMAScript tests for easier debugging.
• Add RELEASE_HOWTO.md with release steps.
• Upgrade to css4j 3.8.0
• Upgrade to xml-dtd 4.1.0
• Upgrade to EchoXSL 2.7.3
• Upgrade to extra-java-module-info 1.0
• Upgrade to xmlgraphics-commons 2.7.
• Gradle: upgrade wrapper to 7.5.1

EchoSVG 0.2

Upgrading

IMPORTANT: If you use Gradle, remember to add:

    includeGroup 'com.github.css4j'

inside the content configuration of CSS4J's Maven repository (inside repositories), so Gradle can find the new EchoXSL dependency.

Also, public methods returning an AccessControlContext were removed, in order to finish #36.

Detail of changes

• Migrate from Apache Xalan to EchoXSL. See #46
• bridge: rename finalize() to close(), implement Closeable in BridgeContext. See #38
• transcoder: remove finalize() method from SeekableStream. See #38
• bridge,script: remove public methods returning an AccessControlContext (final part of #36).
• script: simplify the SecurityManager implementation of EchoSVGSecurityController.getDynamicSecurityDomain() (related to #36).
• anim: round values to nearest integer during the interpolation.
• Tests: improve the rendering tests documentation.
• Upgrade to css4j 3.7.2.
• Upgrade to JMH 1.35.
• Gradle: upgrade wrapper to 7.4.2.
• Upgrade to extra-java-module-info plugin version 0.14.
• Small README readability improvement.
• Actions: create codeql-analysis.yml, codeql-config.yml, custom-queries.qls (thanks to Chris Smowton).
• Actions: switch from 'adopt' distribution to 'temurin'.
• Actions: upgrade actions/checkout, setup-java and codeql-action to current versions.

EchoSVG 0.1.2

Highlights

Refactor classes that use deprecated Security APIs

Since Java 17, the Security Manager is deprecated for removal (see JEP 411). The classes using the Security Manager API have been refactored and deprecated as needed. See #36.

A few methods which have deprecated-for-removal classes in their signature will be removed in the next Milestone Release (this release brings non-deprecated replacement methods that could be used instead). If your code is affected by the deprecations and removals, look at the javadoc comments for guidance in the migration.

Improved CleanerThread

Class CleanerThread now attempts to clean up itself, and has gained the static shutdown() method which can be used to shut it down.

In a related change, HaltingThread was improved with a volatile beenHalted field (synchronization was removed).

text-align="center" now works in SVG 1.2 flow elements

The attribute text-align="center" is now supported in SVG 1.2 flow elements. Although those elements are long-deprecated from SVG, it was confusing that they were using an attribute value that has no correspondence with CSS: text-align="middle". See #33 for details.

Static analysis fixes

A number of small bugs have been fixed, mainly thanks to static analysis tools (primarily Spotbugs but also plain compiler warnings). Several issues (especially synchronization problems) still remain though.

The fixes are mainly about NullPointerExceptions, wrong comparisons and improved numeric rounding.

JPMS modularity

A few required modules are now transitive, which should ease the use of the modules.

Detail of changes

• JPMS: require transitivity in a few modules.
• Refactor classes that use deprecated Security APIs, deprecate as needed. #36
• svg1.2: support attribute text-align="center" in SVG 1.2 flow elements. #33
• anim: avoid potential NPE.
• anim: remove protected fields that were shadowing superclass fields.
• awt: avoid an undesirable cast in AbstractRable.
• awt: implement SVGComposite.hashCode()
• awt: fix rounding in a mathematical expression.
• awt: prevent three NPEs.
• awt: change class DisplacementMapRed.TileOffsets visibility to public.
• awt: remove commented code.
• bridge: implement DefaultXBLManager.DefinitionRecord.hashCode()
• bridge: fix conditional in GlyphLayout.
• gvt: fix implementation of GVTAttributedCharacterIterator.getRunLimit(Set)
• gvt: avoid potential NPE in DynamicRenderer.
• svgrasterizer: prevent NPE.
• transcoder: return null on null input in WMFTranscoder.getCompatibleInput()
• transcoder: remove unneeded import.
• util: use a volatile field in HaltingThread.
• util: add a method to shut down CleanerThread, use a timeout when retrieving the queue.
• util: prevent two NPEs in ClassFileUtilities.
• Tests: deploy a new image comparison infrastructure.
• Tests: update test references with more accurate images.
• Tests: replace resources for scripting jar files.
• Tests: use free font in flowTextAlign test, accept Xfce variation on systemColors.
• Tests: fix scripting/domSVGColor test.
• Tests: fix samples/tests/spec12/text/flowText4.svg
• Tests: improved error message in MemoryLeakTest.
• Tests: throw error that was being ignored in JPainterCompare.
• Javadoc fixes.
• svgom-api and smil-api now have their own Git repository.
• Upgrade to css4j 3.7.0.
• Upgrade to Mozilla Rhino 1.7.14-RC1.
• Upgrade to xml-dtd 4.0.0.
• Upgrade to JMH 1.32.
• Upgrade JUnit version to 4.13.2.
• Upgrade extraJavaModuleInfo plugin to 0.9.
• Gradle: various improvements.
• Add a build CI workflow.
• Add a workflow to publish packages in Github.
• Add a changes.sh release helper script.

EchoSVG 0.1.1

Highlights

New features

• Generator: support decoration attributes in text elements #16
• Generator: conversions to SVG fonts now support strikethrough-* and underline-* attributes #17

Bugs fixed

• Script service provider metadata is at wrong module #20
• DOM: Node.isEqualNode() gives incorrect results #18
• The build now produces Java 8 bytecode (with module-info separately compiled to Java 11). The previous (0.1) build generated Java 11 bytecode only.

Tests

The old Batik tests were overhauled and converted to JUnit. Now EchoSVG has more than 500 tests that are easy to run. Although some tests still pass only on a Windows platform, most tests were modified so they also pass on Linux or other non-Windows operating systems.

v0.1

First milestone release. This very early release should allow developers to start using the code now, and is intended as a baseline for future modifications.

Summary of changes since the Batik fork:

• New CSS engine supporting level 4 selectors and RGBA colors (with alpha channel).
• codec and transcoder packages were merged, runtime circular dependency removed. See #11.
• Pyhton and Tcl scripting removed (they were already commented out in Batik), see #12 and #13.
• Removed support for PDF vector image format (which introduced a hidden FOP-Batik circular dependency, see #10).
• Remove the useless shared-resources package, those resources are now inserted into the META-INF directory of the jar files.
• Build system switched to Gradle (#8).
• Several bugfixes (some fixed during the initial cleanup, additional ones introduced later).

Summary of bug fixes since Batik fork (excluding CSS bugs fixed by the switch to css4j parser):

• BATIK-1296: AbstractDocument.importNode(Node, boolean) does not set the attributes of elements.
• BATIK-1227: Image filters encoded with Base64 in the SVG throw "Content not allowed in prolog" exception. Fix by @dan-caprioara.
• BATIK-1285: Batik fails to parse an svg with missing 'offset' attribute. Based on fix by Konstantin Bulenkov.
• BATIK-1290: AbstractGraphicsNode.paint() sometimes does not dispose a Graphics2D child context. Fix by Emmeran Seehuber.
• Transcoder: in PNGTranscoder, PNGTranscoderImageIOWriteAdapter was being looked for in the wrong package.
• Bridge: handle SVG 1.2 text elements inside 1.1 documents. (#3)
• Util: honor the 'http.agent' system property in ParsedURL. Fixes #2.
• A few bugs fixed during generification, including an impossible equality in GVTACIImpl.getRunStart(Set) affecting text rendering.