diff --git a/NEWS b/NEWS index 65fd0349b..4040fb289 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,6 @@ NEWS file for libxml2 -v2.15.0: not released yet +v2.15.0: Sep 15 2025 ### Major changes @@ -66,6 +66,135 @@ Thanks to the following contributors: - ThomasK +v2.14.6: Sep 8 2025 + +### Regressions + +- valid: Don't add ids when validating entity content +- Fix initGenericErrorDefaultFunc(NULL) (Samuel Thibault) +- valid: Undeprecate xmlAdd*Decl +- globals: Include HTMLparser.h, fixing Windows build +- io: Fix reading from pipes like stdin on Windows + +### Security + +- regexp: Avoid integer overflow and OOB array access +- tree: Guard against atype corruption + +### Improvements + +- parser: Fix xmlSaturatedAddSizeT argument type + + +v2.14.5: Jul 10 2025 + +### Regressions + +- html: Don't abort on encoding errors +- parser: Fix handling of invalid char refs in recovery mode +- xmllint: Print document even in case of XInclude errors +- xmllint: Fix --xinclude --path + +### Security + +- schematron: Fix memory safety issues in xmlSchematronReportOutput +- Schematron: Fix null pointer dereference leading to DoS (Michael Mann) +- Fix potential buffer overflows of interactive shell (Michael Mann) + +### Improvements + +- parser: Fix xmlCtxtIsStopped + +### Build systems and portability + +- schemas: Fix compilation with pre-C99 MSVC +- cmake: Add missing endif() in libxml2-config.cmake.in +- Fix CMake iconv handling after change to private dependency (Markus Rickert) + + +v2.14.4: Jun 16 2025 + +### Regressions + +- parser: Fix parsing of PublicIds and VersionNums +- parser: Fix custom SAX parsers without cdataBlock handler +- error: Fix initGenericErrorDefaultFunc compatibility macro again +- io: Make xmlOutputBufferCreate* not free encoder on error +- reader: Fix null deref on malloc failure +- Revert "meson: Install libxml2.py" + +### Security + +- tree: Fix integer overflow in xmlBuildQName + +### Improvements + +- parser: Use parser context as default in resource loader +- parser: Only validate EnumerationTypes when requested +- parser: Undeprecate some parser context members + +### Build systems + +- cmake: Avoid overlinking with non-CMake libxml2-config.cmake +- cmake: Make iconv a private dependency + + +v2.14.3: May 13 2025 + +### Regressions + +- reader: Fix reading compressed data +- parser: Make undeclared entities in XML content fatal +- save: Fix XML escape table +- save: Fix xmlSave with NULL encoding +- Revert "valid: Remove duplicate error messages when streaming" + +### Bug fixes + +- save: Fix serialization of attribute defaults containing < +- io: Fix linkage of __xml*BufferCreateFilename functions + +### Build systems + +- cmake: Fix installation directories in libxml2-config.cmake +- meson: Install libxml2.py + +### Improvements + +- parser: Make xmlCtxtGetValidCtxt depend on VALID_ENABLED +- html: Avoid HTML_PARSE_HTML5 clashing with XML_PARSE_NOENT + + +v2.14.2: Apr 17 2025 + +### Security + +- [CVE-2025-32415] schemas: Fix heap buffer overflow in + xmlSchemaIDCFillNodeTables +- [CVE-2025-32414] python: Read at most len/4 characters. (Maks Verver) + +### Build + +- error: Fix initGenericErrorDefaultFunc compatibility macro +- meson: don't link with pthreads on Windows (Benjamin Gilbert) +- cmake, meson: Align Darwin version info with Autotools +- globals: Fix --with-thread-alloc build +- meson: ensure relaxng option supports minimum option (Lovell Fuller) + + +v2.14.1: Apr 3 2025 + +### Regressions + +- parser: Fix XML_PARSE_NOBLANKS dropping non-whitespace text + +### Build systems + +- win32-legacy: Fix build (ThomasK) +- meson: Fix build from tarball +- cmake, meson: Change library filename to libxml2.so.16.0.0 + + v2.14.0: Mar 27 2025 ### Major changes