[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: [ANN] LuaExpat 1.5.0 released
- From: Thijs Schreijer <thijs@...>
- Date: Fri, 26 Aug 2022 09:19:38 +0000
Happy to announce a new release of LuaExpat. Though this is a minor, it does
raise the bar on the underlying libexpat version.
From the changelog:
* WARNING: this update requires a minimum libExpat version of 2.4.0. Though
at the time of writing a minimum version of 2.4.6 is recommended due to
CVE's fixed in the intermediate versions.
* Added option "allowDTD" to the threat protection parser.
* Add configuration for Billion Laughs Attack prevention. This includes adding
since these functions are conditionally included in the exposed API of Expat.
This means that LuaExpat will now be compiled using the same options used to
compile Expat itself.
* Expose Expat compile time constants (lxp._EXPAT_FEATURES).
Installation via LuaRocks is easiest as usual.
Source is on GitHub: https://github.com/lunarmodules/luaexpat