Overview

Request 959577 accepted

- update to 2.4.7 (bsc#1196784, CVE-2022-25236):
  * Bug fixes:
    - Relax fix to CVE-2022-25236 (introduced with release 2.4.5)
      with regard to all valid URI characters (RFC 3986),
      i.e. the following set (excluding whitespace):
      ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz
      0123456789 % -._~ :/?#[]@ !$&'()*+,;=
  * Other changes:
    - CMake|Windows: Store Expat version in the DLL
    - Document consequences of namespace separator choices not just
      in doc/reference.html but also in header
    - Document Expat's lack of validation of namespace URIs against
      RFC 3986, and that the XML 1.0r4 specification doesn't
      require Expat to validate namespace URIs, and that Expat
      may do more in that regard in future releases.
      If you find need for strict RFC 3986 URI validation on
      application level today, https://uriparser.github.io/ may
      be of interest.
    - Fix documentation of XML_EndDoctypeDeclHandler in
    - Document that a call to XML_FreeContentModel can be done at
      a later time from outside the element declaration handler
    - Make hardcoded namespace URIs easier to find in code
    - Update documentation on use of XML_POOR_ENTROPY on Solaris
    - tests: Resolve use of macros NAN and INFINITY for GNU G++
      4.8.2 on Solaris.
    - Version info bumped from 9:6:8 to 9:7:8;
      see https://verbump.de/ for what these numbers do

Request History

david.anes created request

david.anes accepted request
