Libxml2 version 2.14.5 has been officially released, introducing several critical updates that enhance the library's performance and security. This latest iteration addresses various regressions, resolves security vulnerabilities, and improves the handling of encoding errors, the XML parser, the xmllint tool, as well as the build systems and overall portability of the library.

Key updates include significant fixes to regressions:

- The HTML module now avoids aborting on encoding errors.
- The parser has improved handling of invalid character references while in recovery mode.
- The xmllint tool will now correctly print the document even when encountering XInclude errors and has fixed issues related to the `--xinclude --path` options.

In terms of security, version 2.14.5 addresses several memory safety concerns:

- The Schematron module has been updated to eliminate memory safety issues when using `xmlSchematronReportOutput`.
- A null pointer dereference vulnerability that could lead to Denial of Service (DoS) has been patched, credited to researcher Michael Mann.
- Potential buffer overflow risks in the interactive shell have also been corrected, again attributed to Michael Mann's findings.

Additional improvements include:

- Adjustments to the parser for better functionality with `xmlCtxtIsStopped`.
- Enhancements to build systems, including fixes for compilation issues with pre-C99 MSVC and corrections to CMake's iconv handling after adjustments in dependency management.

The release is available for download at the following link: [Libxml2 2.14.5 Download](https://download.gnome.org/sources/libxml2/2.14/libxml2-2.14.5.tar.xz) with the accompanying SHA256 checksum for verification: `03d006f3537616833c16c53addcdc32a0eb20e55443cba4038307e3fa7d8d44b`.

Overall, Libxml2 2.14.5 represents an important update that not only enhances functionality and security but also improves the developer experience by addressing previous issues in its build systems and portability aspects. Users and developers are encouraged to upgrade to this version to benefit from these enhancements.
Libxml2 2.14.5 released
Libxml2 2.14.5 has been released, addressing regressions, security issues, and improvements in encoding errors, parser, xmllint, and build systems and portability. It also addresses issues with null pointer dereference, potential buffer overflows, and CMake iconv handling.
 
                		
