Bump org.mustangproject:library from 2.22.0 to 2.23.1

[dependabot]

Bumps org.mustangproject:library from 2.22.0 to 2.23.1.

Release notes

Sourced from org.mustangproject:library's releases.

2.23.0 "Bonne Journées de la Facture Électronique"

Highlights

Apart from their validation we now also support writing subinvoice lines (#1073, thanks kschwank).

Plus we merged some France-related pull requests, e.g. the conversion to french PDF (#1083), the configurable BT-23 business process ID for CII export (#1046) and of course validation which now also takes into account the first AFNOR XP12-012 schematron (#1089, thanks @​meparis).

Event

A propos France: we cordially invite potential contributors on the day following the JFE , May 7th 2026, 16:00-17:00 CET, to an free online event to coordinate contributions regading the coming e-invoice obligation in France as of September: Event details and application .

Changelog

On Mustang 2.23.0, the following fixes were applied

• #993 Cash discount not parsed
• #1029 Added a breaking change notice regarding the removal of hardcoded values in #729
• #1044 Correct version of org.apache.pdfbox:fontbox from 3.0.3 to 3.0.6.
• #1049 Prevent exceptions in validation
• #1038 Header allowances are aggregated incorrectly for non-XRechnung profiles
• #1052 Remove parsing OriginatorDocumentReference.ID as date
• #1055 Correct order of ApplicableTradeTax sub-elements.
• #1072 Correct XPath-expressions for GrandTotal and TaxBasisTotalAmount.
• #1075 Vulnerability in dependency PDFBox version 3.0.6
• #1076 XMP error during validation based on mustang version 2.22. (XMP Metadata: Could not parse XMP metadata (XML invalid))
• #1084 Fix xml description
• #1082 Centralize and secure DocumentBuilder creation.
• reduce possible exceptions in metrics action

And altogether we are talking of the following new features

• #1037 Compress attachments
• #1046 Add configurable BT-23 business process ID for CII export
• #1050 Add validator information to PDF report (name and version)
• #1061 Add ability to mark an Invoice as a test invoice.
• #1073 add hierarchical invoice positions in CII XML export for EXTENDED profile
• #1083 PDF Visualizations in English and French
• #1089 Add France schematron ruleset
• added Extended-CTC-FR profile to selection for command line

FYI I will try to renew my expired GPG key in the next maven central release and @​langfr is now co-maintainer: thank you and congratulations.

We are still set for Java 11 in this release but for #1067 fixing #1025 (a convert-to-UBL-issue), we will open a Java17 branch (thanks phax!). We're just not yet sure how to call the new version, this minor correction sounds to small for a "Mustangproject 3.0" release.

Changelog

Sourced from org.mustangproject:library's changelog.

2.23.1

2026-05-13

• #1108 Regression Issue caused by empty XMP (introduced by #1076)
• #1120 ZUGFeRDImporter fails to extract Version if XML namespace is not exactly rsm:CrossIndustryInvoice (some of the following changes were already part of 2.23.0)
• #1043 Fix percentage-based allowance/charge calculations
• #1093 #814 upgrade CEN EN16931 Schematron from v1.3.12 to v1.3.15
• #1102 Add BasisAmount to CashDiscount.
• #1109 Feature fix xml description
• #1110 Avoid NPE by checking zi.getXMP() is not null.
• #1116 dont emit empty node for definedTradeContact
• #1118 Support ram:UltimateShipToTradeParty/
• #1119 Support ram:DeliveryTypeCode/

2.23.0 "Bonne Journées de la Facture Électronique"

2026-04-23

improved subitem support, support french validation

• #993 Cash discount not parsed
• #1029 Added a breaking change notice regarding the removal of hardcoded values in #729
• #1037 Compress attachments
• #1038 Header allowances are aggregated incorrectly for non-XRechnung profiles
• #1044 Correct version of org.apache.pdfbox:fontbox from 3.0.3 to 3.0.6.
• #1046 Add configurable BT-23 business process ID for CII export
• #1049 Prevent exceptions in validation
• #1050 Add validator information to PDF report (name and version)
• #1052 Remove parsing OriginatorDocumentReference.ID as date
• #1055 Correct order of ApplicableTradeTax sub-elements.
• #1061 Add ability to mark an Invoice as a test invoice.
• #1072 Correct XPath-expressions for GrandTotal and TaxBasisTotalAmount.
• #1073 add hierarchical invoice positions in CII XML export for EXTENDED profile
• #1075 Vulnerability in dependency PDFBox version 3.0.6
• #1076 XMP error during validation based on mustang version 2.22. (XMP Metadata: Could not parse XMP metadata (XML invalid))
• #1082 Centralize and secure DocumentBuilder creation.
• #1083 PDF Visualizations in English and French
• #1084 Fix xml description
• #1089 Add France schematron ruleset
• reduce possible exceptions in metrics action
• added Extended-CTC-FR profile to selection for command line

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)