Cart
[Home] [By Thread] [By Date] [Recent Entries]
Hello everyone! (A *more detailed* blog-post version of this e-mail is available online at https://blog.hartwork.org/posts/expat-2-6-2-released/ .) Expat 2.6.2 [1] has been released earlier today. This release fixes security issue CVE-2024-28757 that can be used to cause denial of service. There is also a bugfix to reject direct parameter entity recursion and also to avoid the related undefined behavior. For more details, please check out the change log [2]. If you maintain Expat packaging or a bundled copy of Expat or a pinned version of Expat somewhere, please update to 2.6.2. Thank you! Best Sebastian Pipping [1] https://github.com/libexpat/libexpat/releases/tag/R_2_6_2 [2] https://github.com/libexpat/libexpat/blob/R_2_6_2/expat/Changes [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] |
