I got a security warning on JDom 2.0.6, because of CVE-2021-33813: https://nvd.nist.gov/vuln/detail/CVE-2021-33813 From the severity of CVE-2021-33813 it looks like this is something that needs to be fixed.