XML.orgXML.org
FOCUS AREAS |XML-DEV |XML.org DAILY NEWSLINK |REGISTRY |RESOURCES |ABOUT
OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]
Expat 2.6.0 released, includes security fixes
Hello everyone!


(A *longer* blog-post version of this e-mail is available online at
https://blog.hartwork.org/posts/expat-2-6-0-released/ .)

Expat 2.6.0 [1] has been released earlier today. Most importantly, this
release fixes two security issues — CVE-2023-52425 and CVE-2023-52426 —
that can be used to cause denial of service. There are also non-
security bugfixes, many improvements to the two official build systems —
GNU Autotools and CMake —, enhancements to the documentation and the
xmlwf command line tool, new example code element_declarations.c,
improved fuzzers, hardened CI security, and many improvements more, both
above and below water level. For more details, please check out the change log [2].

If you maintain Expat packaging or a bundled copy of Expat or a pinned
version of Expat somewhere, please update to 2.6.0. Thank you!

Best



Sebastian Pipping


[1] https://github.com/libexpat/libexpat/releases/tag/R_2_6_0
[2] https://github.com/libexpat/libexpat/blob/R_2_6_0/expat/Changes
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 1993-2007 XML.org. This site is hosted by OASIS