Libxml2 2.14.5 has been released, addressing regressions, security issues, and improvements in encoding errors, parser, xmllint, and build systems and portability. It also addresses issues with null pointer dereference, potential buffer overflows, and CMake iconv handling.
Libxml2 2.14.5 released
https://download.gnome.org/sources/libxml2/2.14/libxml2-2.14.5.tar.xz
sha256sum: 03d006f3537616833c16c53addcdc32a0eb20e55443cba4038307e3fa7d8d44bRegressions
- html: Don’t abort on encoding errors
- parser: Fix handling of invalid char refs in recovery mode
- xmllint: Print document even in case of XInclude errors
- xmllint: Fix --xinclude --path
Security
- schematron: Fix memory safety issues in xmlSchematronReportOutput
- Schematron: Fix null pointer dereference leading to DoS (Michael Mann)
- Fix potential buffer overflows of interactive shell (Michael Mann)
Improvements
- parser: Fix xmlCtxtIsStopped
Build systems and portability
- schemas: Fix compilation with pre-C99 MSVC
- cmake: Add missing endif() in libxml2-config.cmake.in
- Fix CMake iconv handling after change to private dependency (Markus Rickert)
