Changes: Document changes in release Expat 2.6.2

2025-04-05 05:05:00 +00:00 · 2024-03-08 13:07:00 +01:00 · 2024-03-08 13:07:00 +01:00 · 98ee1baef8
commit 98ee1baef8
parent 5bf8ed66ef
1 changed files with 22 additions and 0 deletions
--- a/expat/Changes
+++ b/expat/Changes
@ -2,6 +2,28 @@ NOTE: We are looking for help with a few things:
      https://github.com/libexpat/libexpat/labels/help%20wanted
      If you can help, please get in touch.  Thanks!

+Release 2.6.2 XXX XXXXXXXXXX XX XXXX
+        Security fixes:
+       #839 #842  CVE-2024-28757 -- Prevent billion laughs attacks with
+                    isolated use of external parsers.  Please see the commit
+                    message of commit 1d50b80cf31de87750103656f6eb693746854aa8
+                    for details.
+
+        Bug fixes:
+       #839 #841  Reject direct parameter entity recursion
+                    and avoid the related undefined behavior
+
+        Other changes:
+            #847  Autotools: Fix build for DOCBOOK_TO_MAN containing spaces
+            #837  Add missing #821 and #824 to 2.6.1 change log
+
+        Special thanks to:
+            Philippe Antoine
+            Tomas Korbar
+                 and
+            Clang UndefinedBehaviorSanitizer
+            OSS-Fuzz / ClusterFuzz
+
 Release 2.6.1 Thu February 29 2024
        Bug fixes:
            #817  Make tests independent of CPU speed, and thus more robust