4.2.0

@bwrrp bwrrp released this 01 Jun 08:34
· 15 commits to main since this release
  • Added heuristics to block entity expansion attacks. Parsing is aborted if the output size exceeds a certain limit and the size increase due to entity expansion exceeds a set factor. Both this approach and the default limits are based on how libexpat guards against such attacks. Please file an issue if you have to increase these limits for any real-world document.
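
The two-condition check described above, as an added example that is not this project's code: the function, parameter and sample names are hypothetical, and the default limits shown are libexpat's documented defaults (8 MiB activation threshold, amplification factor 100), since the release note does not state the library's own values.

```javascript
// Added example; every name here is hypothetical, not the library's API.
// Defaults are libexpat's documented defaults, assumed for illustration.
function expandWithGuard(text, entities, limits = {}) {
  const { maxOutputSize = 8 * 1024 * 1024, maxAmplification = 100 } = limits;
  // Input size: document text plus the declared entity replacement texts.
  const inputSize = text.length + [...entities.values()].join('').length;
  const chunks = [];
  let outputSize = 0;

  function emit(literal) {
    outputSize += literal.length;
    // Abort only when BOTH hold: the output is large in absolute terms and
    // it is large relative to the input. Small documents and big documents
    // with little expansion never trip the guard.
    if (outputSize > maxOutputSize && outputSize / inputSize > maxAmplification) {
      throw new Error(`entity expansion limit exceeded (${outputSize} chars from ${inputSize})`);
    }
    chunks.push(literal);
  }

  function expand(str, open) {
    const ref = /&([A-Za-z_][\w.-]*);/g; // general entity references only
    let last = 0;
    for (let m = ref.exec(str); m !== null; m = ref.exec(str)) {
      emit(str.slice(last, m.index));
      last = ref.lastIndex;
      const name = m[1];
      if (!entities.has(name)) throw new Error(`undeclared entity: ${name}`);
      if (open.includes(name)) throw new Error(`recursive entity: ${name}`);
      expand(entities.get(name), [...open, name]);
    }
    emit(str.slice(last));
  }

  expand(text, []);
  return chunks.join('');
}

// Constructed sample: four nested entities, 110 chars of input in total.
const SAMPLE_ENTITIES = new Map([
  ['a', 'x'.repeat(10)],
  ['b', '&a;'.repeat(10)],
  ['c', '&b;'.repeat(10)],
  ['d', '&c;'.repeat(10)],
]);
const SAMPLE_DOC = '<r>&d;</r>';
```

With the defaults the sample expands normally because its output stays far below the absolute threshold; lowering `maxOutputSize` to 1000 and `maxAmplification` to 10 makes the same input abort partway through expansion.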

Full Changelog: 4.1.1...4.2.0