Libxml2 2.13.9 and 2.14.6 released

GNOME 3685 Published by

Nick Wellnhofer has announced the availability of two new versions of libxml2, a C-based XML toolkit: version 2.13.9 and version 2.14.6. These releases address various regressions, security issues, bug fixes, and improvements to the library's functionality and build systems. Notable fixes include preventing integer overflows and out-of-bounds array accesses, resolving issues with reading from pipes on Windows, and undeprecating certain functions.



libxml2 2.13.9 and libxml2 2.14.6 Announcements

Nick Wellnhofer has announced the availability of two new versions of libxml2, a C-based XML toolkit originally developed for the GNOME Project: version 2.13.9 and version 2.14.6.
Screenshot_from_2025_09_09_08_42_05

libxml2 2.13.9 Release Notes

The release notes for libxml2 2.13.9 are as follows:

  • Regressions
    • valid: Fix an issue where IDs were being added during entity content validation.
    • io: Resolve a problem with reading from pipes like stdin on Windows.
    • parser: Address an issue with handling invalid character references in recovery mode.
  • Security Fixes
    • regexp: Prevent integer overflows and out-of-bounds array accesses.
    • tree: Guard against atype corruption.
    • CVE-2025-49794: Fix xmlSchematronReportOutput function.
    • CVE-2025-49796: Fix a null pointer dereference leading to denial-of-service (DoS).
    • CVE-2025-49795: Fix a potential buffer overflow in the interactive shell.
    • CVE-2025-6170: Address potential buffer overflows.
  • Bug Fixes
    • save: Resolve an issue with serializing attribute defaults containing less-than characters (<).
  • Improvements
    • parser: Fix the argument type for xmlSaturatedAddSizeT function.
libxml2 2.14.6 Release Notes

The release notes for libxml2 2.14.6 are as follows:

  • Regressions
    • valid: Don't add IDs when validating entity content.
    • Fix initGenericErrorDefaultFunc(NULL) (Samuel Thibault).
    • Undeprecate xmlAdd*Decl functions.
    • Include HTMLparser.h to fix Windows build issues.
    • io: Resolve a problem with reading from pipes like stdin on Windows.
  • Security Fixes
    • regexp: Prevent integer overflows and out-of-bounds array accesses.
    • tree: Guard against atype corruption.
  • Improvements
    • parser: Fix xmlSaturatedAddSizeT argument type.

Download Links

To download the releases, visit:

Checksums

The SHA256 checksums for the releases are:

  • libxml2 2.13.9: a2c9ae7b770da34860050c309f903221c67830c86e4a7e760692b803df95143a
  • libxml2 2.14.6: 7ce458a0affeb83f0b55f1f4f9e0e55735dbfc1a9de124ee86fb4a66b597203a

Ungoogled Chromium 140.0.7339.80-1 released

Lenovo ThinkBook Plus Gen 6 Rollable review and more

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.org  I ...