Libxml2 2.14.5 released

nwellnhof · July 15, 2025, 1:38pm

https://download.gnome.org/sources/libxml2/2.14/libxml2-2.14.5.tar.xz
sha256sum: 03d006f3537616833c16c53addcdc32a0eb20e55443cba4038307e3fa7d8d44b

Regressions

html: Don’t abort on encoding errors
parser: Fix handling of invalid char refs in recovery mode
xmllint: Print document even in case of XInclude errors
xmllint: Fix --xinclude --path

Security

schematron: Fix memory safety issues in xmlSchematronReportOutput
Schematron: Fix null pointer dereference leading to DoS (Michael Mann)
Fix potential buffer overflows of interactive shell (Michael Mann)

Improvements

parser: Fix xmlCtxtIsStopped

Build systems and portability

schemas: Fix compilation with pre-C99 MSVC
cmake: Add missing endif() in libxml2-config.cmake.in
Fix CMake iconv handling after change to private dependency (Markus Rickert)

flavorjones · July 17, 2025, 5:14pm

@nwellnhof I see that some of these security fixes are present on the 2.13 branch. Are you planning to cut a security release on the 2.13 series? I’m OK either way, but just want to know so I won’t put in the work backporting the fixes if you’re planning to cut a release.

Thanks!

nwellnhof · July 17, 2025, 6:58pm

There are no plans for another 2.13 release, but I’ll keep the 2.13 branch updated for a while.

system · August 16, 2025, 6:58pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.