[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Expat 2.4.9 released, includes security fixes
Hello everyone! (A *longer* blog-post version of this e-mail is available online at https://blog.hartwork.org/posts/expat-2-4-9-released/ .) Expat 2.4.9 [1] has been released yesterday. Alongside the usual pile of improvements to the build system, most importantly this release fixes CVE-2022-40674: a heap use-after-free vulnerability in function doContent with expected impact of denial of service or potentially arbitrary code execution. For more details, please check out the change log [2]. If you maintain Expat packaging or a bundled copy of Expat or a pinned version of Expat somewhere, please update to 2.4.9. Thank you! Best Sebastian Pipping [1] https://github.com/libexpat/libexpat/releases/tag/R_2_4_9 [2] https://github.com/libexpat/libexpat/blob/R_2_4_9/expat/Changes [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] |
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|