OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]
Expat 2.2.1 with security fixes has been released


Expat 2.2.1 has been released.  It's a security release with a variety
of security fixes, for instance: An infinite loop denial-of-service fix
(that Rhodri James wrote more about [1]), introduction of SipHash
against sophisticated hash flooding, use of OS-specific high quality
entropy providers like getrandom, integer overflow fixes, and more.
We also got better code coverage, moved all but the downloads from
SourceForge to GitHub, ... but maybe have a look at the detailed change
log [2] yourself :)

So if you control copies of Expat somewhere, please get them updated.

Let me use the occasion to point out that we are looking for help with a
few things Expat.  There are tickets with details up here [3].  If you
can help, please get in touch.

Thanks and best


[1] https://libexpat.github.io/doc/cve-2017-9233/
[2] https://github.com/libexpat/libexpat/blob/master/expat/Changes
[3] https://github.com/libexpat/libexpat/labels/help%20wanted

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 1993-2007 XML.org. This site is hosted by OASIS