[ANN] LuaExpat 1.5.0 released

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: [ANN] LuaExpat 1.5.0 released
From: Thijs Schreijer <thijs@...>
Date: Fri, 26 Aug 2022 09:19:38 +0000

List,

Happy to announce a new release of LuaExpat. Though this is a minor, it does
raise the bar on the underlying libexpat version.

From the changelog:

* WARNING: this update requires a minimum libExpat version of 2.4.0. Though
  at the time of writing a minimum version of 2.4.6 is recommended due to 
  CVE's fixed in the intermediate versions.

* Added option "allowDTD" to the threat protection parser.

* Add configuration for Billion Laughs Attack prevention. This includes adding

    #include "expat_config.h”,

  since these functions are conditionally included in the exposed API of Expat.
  This means that LuaExpat will now be compiled using the same options used to 
  compile Expat itself.

* Expose Expat compile time constants (lxp._EXPAT_FEATURES).


Installation via LuaRocks is easiest as usual.

Source is on GitHub: https://github.com/lunarmodules/luaexpat

Enjoy!
Thijs

Prev by Date: Re: Harel statemachine for Lua 5.4
Next by Date: [ANN] lua-cbor 1.0.0 released
Previous by thread: Re: Harel statemachine for Lua 5.4
Next by thread: [ANN] lua-cbor 1.0.0 released
Index(es):
- Date
- Thread