These are all security issues fixed in the dom4j-1.6.1-33.6 package on the GA media of openSUSE Tumbleweed.
{ "binaries": [ { "dom4j": "1.6.1-33.6", "dom4j-manual": "1.6.1-33.6", "dom4j-javadoc": "1.6.1-33.6", "dom4j-demo": "1.6.1-33.6" } ] }