Bump org.mustangproject:library from 2.22.0 to 2.23.0

[dependabot]

Bumps org.mustangproject:library from 2.22.0 to 2.23.0.

Release notes

Sourced from org.mustangproject:library's releases.

2.23.0 "Bonne Journées de la Facture Électronique"

Highlights

Apart from their validation we now also support writing subinvoice lines (#1073, thanks kschwank).

Plus we merged some France-related pull requests, e.g. the conversion to french PDF (#1083), the configurable BT-23 business process ID for CII export (#1046) and of course validation which now also takes into account the first AFNOR XP12-012 schematron (#1089, thanks @​meparis).

Event

A propos France: we cordially invite potential contributors on the day following the JFE , May 7th 2026, 16:00-17:00 CET, to an free online event to coordinate contributions regading the coming e-invoice obligation in France as of September: Event details and application .

Changelog

On Mustang 2.23.0, the following fixes were applied

• #993 Cash discount not parsed
• #1029 Added a breaking change notice regarding the removal of hardcoded values in #729
• #1044 Correct version of org.apache.pdfbox:fontbox from 3.0.3 to 3.0.6.
• #1049 Prevent exceptions in validation
• #1038 Header allowances are aggregated incorrectly for non-XRechnung profiles
• #1052 Remove parsing OriginatorDocumentReference.ID as date
• #1055 Correct order of ApplicableTradeTax sub-elements.
• #1072 Correct XPath-expressions for GrandTotal and TaxBasisTotalAmount.
• #1075 Vulnerability in dependency PDFBox version 3.0.6
• #1076 XMP error during validation based on mustang version 2.22. (XMP Metadata: Could not parse XMP metadata (XML invalid))
• #1084 Fix xml description
• #1082 Centralize and secure DocumentBuilder creation.
• reduce possible exceptions in metrics action

And altogether we are talking of the following new features

• #1037 Compress attachments
• #1046 Add configurable BT-23 business process ID for CII export
• #1050 Add validator information to PDF report (name and version)
• #1061 Add ability to mark an Invoice as a test invoice.
• #1073 add hierarchical invoice positions in CII XML export for EXTENDED profile
• #1083 PDF Visualizations in English and French
• #1089 Add France schematron ruleset
• added Extended-CTC-FR profile to selection for command line

FYI I will try to renew my expired GPG key in the next maven central release and @​langfr is now co-maintainer: thank you and congratulations.

We are still set for Java 11 in this release but for #1067 fixing #1025 (a convert-to-UBL-issue), we will open a Java17 branch (thanks phax!). We're just not yet sure how to call the new version, this minor correction sounds to small for a "Mustangproject 3.0" release.

Changelog

Sourced from org.mustangproject:library's changelog.

2.23.0 "Bonne Journées de la Facture Électronique"

2026-04-23

improved subitem support, support french validation

• #993 Cash discount not parsed
• #1029 Added a breaking change notice regarding the removal of hardcoded values in #729
• #1037 Compress attachments
• #1038 Header allowances are aggregated incorrectly for non-XRechnung profiles
• #1044 Correct version of org.apache.pdfbox:fontbox from 3.0.3 to 3.0.6.
• #1046 Add configurable BT-23 business process ID for CII export
• #1049 Prevent exceptions in validation
• #1050 Add validator information to PDF report (name and version)
• #1052 Remove parsing OriginatorDocumentReference.ID as date
• #1055 Correct order of ApplicableTradeTax sub-elements.
• #1061 Add ability to mark an Invoice as a test invoice.
• #1072 Correct XPath-expressions for GrandTotal and TaxBasisTotalAmount.
• #1073 add hierarchical invoice positions in CII XML export for EXTENDED profile
• #1075 Vulnerability in dependency PDFBox version 3.0.6
• #1076 XMP error during validation based on mustang version 2.22. (XMP Metadata: Could not parse XMP metadata (XML invalid))
• #1082 Centralize and secure DocumentBuilder creation.
• #1083 PDF Visualizations in English and French
• #1084 Fix xml description
• #1089 Add France schematron ruleset
• reduce possible exceptions in metrics action
• added Extended-CTC-FR profile to selection for command line

Commits

• 6418c81 corrected history, test
• d0d6d99 Added Extended-CTC-FR to profiles for commandline
• 568898b updated history
• ca39205 corrected tests
• 3040687 corrected a test
• 56e4be8 removed debug output
• 0f6fdb7 added history entry
• a366e6b Merge pull request #1089 from meparis/validator-france-10
• 98e3168 Adding quotes around Strings sometimes helps...
• d67be28 Merge branch 'master' of github.com:ZUGFeRD/mustangproject
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)