lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


Happy to announce a new release of LuaExpat. Though this is a minor, it does
raise the bar on the underlying libexpat version.

From the changelog:

* WARNING: this update requires a minimum libExpat version of 2.4.0. Though
  at the time of writing a minimum version of 2.4.6 is recommended due to 
  CVE's fixed in the intermediate versions.

* Added option "allowDTD" to the threat protection parser.

* Add configuration for Billion Laughs Attack prevention. This includes adding

    #include "expat_config.h”,

  since these functions are conditionally included in the exposed API of Expat.
  This means that LuaExpat will now be compiled using the same options used to 
  compile Expat itself.

* Expose Expat compile time constants (lxp._EXPAT_FEATURES).

Installation via LuaRocks is easiest as usual.

Source is on GitHub: