Separating out jdom 1.x to clarify that the CVE has been addressed in 2.x

Original comment:
Are there any plans to port the fix for CVE-2021-33813 to jdom v1.x? We're experiencing issues with Apache Commons JXPath, which is not compatible with jdom v2.x..

Originally posted by @mmkamburova in #189 (comment)