@@ -45,6 +45,284 @@ Some deprecated global variables were made const:
4545- xmlDefaultSAXLocator
4646- xmlParserDebugEntities
4747
48+ ### Deprecations and removals
49+
50+ - threads: Deprecate remaining ThrDef functions
51+ - unicode: Deprecate most xmlUCSIs* functions
52+ - memory: Remove memory debugging
53+ - tree: Deprecate xmlRegisterNodeDefault
54+ - tree: Deprecate xmlSetCompressMode
55+ - html: Deprecate htmlHandleOmittedElem
56+ - valid: Deprecate internal validation functions
57+ - valid: Deprecate old DTD serialization API
58+ - nanohttp: Deprecate public API
59+ - Remove VMS support
60+ - Remove Trio
61+
62+ ### Bug fixes
63+
64+ - parser: Fix base URI of internal parameter entities
65+ - tree: Handle predefined entities in xmlBufGetEntityRefContent
66+ - schemas: Allow unlimited length decimals, integers etc. (Tomáš Ženčák)
67+ - reader: Fix preservation of attributes
68+ - parser: Always decode entities in namespace URIs
69+ - relaxng: Fix tree corruption in xmlRelaxNGParseNameClass (Seiya Nakata)
70+ - schemas: Fix ADD_ANNOTATION
71+ - tree: Fix tree iteration in xmlDOMWrapRemoveNode
72+ - tree: Declare namespace on clone in xmlDOMWrapCloneNode
73+ - tree: Fix xmlAddSibling with last sibling
74+ - tree: Fix xmlDocSetRootElement with multiple top-level elements
75+ - catalog: Fetch XML catalog before dumping
76+ - html: Don't close fd in htmlCtxtReadFd
77+
78+ ### Improvements
79+
80+ - parser: Fix "Truncated multi-byte sequence" error
81+ - Add missing _cplusplus processing clause (Sadaf Ebrahimi)
82+ - parser: Rework handling of undeclared entities
83+ - SAX2: Warn if URI resolution failed
84+ - parser: Don't report error on invalid URI
85+ - xmllint: Clean up option handling
86+ - xmllint: Rework parsing
87+ - parser: Don't create undeclared entity refs in substitution mode
88+ - Make some globals const
89+ - reader: Make xmlTextReaderReadString non-recursive
90+ - reader: Rework xmlTextReaderRead{Inner,Outer}Xml
91+ - Remove redundant size check (Niels Dossche)
92+ - Remove redundant NULL check on cur (Niels Dossche)
93+ - Remove always-false check old == cur (Niels Dossche)
94+ - Remove redundant NULL check on cur (Niels Dossche)
95+ - tree: Don't return empty localname in xmlSplitQName{2,3}
96+ - xinclude: Don't try to fix base of non-elements
97+ - tree: Don't coalesce text nodes in xmlAdd{Prev,Next}Sibling
98+ - SAX2: Optimize appending children
99+ - tree: Align xmlAddChild with other node insertion functions
100+ - html: Use binary search in htmlEntityValueLookup
101+ - io: Allocate output buffer with XML_BUFFER_ALLOC_IO
102+ - encoding: Don't shrink input too early in xmlCharEncOutput
103+ - tree: Tighten source doc check in xmlDOMWrapAdoptNode
104+ - tree: Check destParent->doc in xmlDOMWrapCloneNode
105+ - tree: Refactor text node updates
106+ - tree: Refactor node insertion
107+ - tree: Refactor element creation and parsing of attribute values
108+ - tree: Simplify xmlNodeGetContent, xmlBufGetNodeContent
109+ - buf: Don't use default buffer size for small strings
110+ - string: Fix xmlStrncatNew(NULL, "")
111+ - entities: Don't allow null name in xmlNewEntity
112+ - html: Fix quadratic behavior in htmlNodeDump
113+ - tree: Rewrite xmlSetTreeDoc
114+ - valid: Rework xmlAddID
115+ - tree: Remove unused node types
116+ - tree: Make namespace comparison more consistent
117+ - tree: Don't allow NULL name in xmlSetNsProp
118+ - tree: Rework xmlNodeListGetString
119+ - tree: Rework xmlTextMerge
120+ - tree: Rework xmlNodeSetName
121+ - tree: Simplify xmlAddChild with text parent
122+ - tree: Disallow setting content of entity reference nodes
123+ - tree: Rework xmlReconciliateNs
124+ - schemas: fix spurious warning about truncated snprintf output
125+ (Benjamin Gilbert)
126+ - xmlschemastypes: Remove unreachable if statement (Maks Mishin)
127+ - relaxng: Remove useless if statement (Maks Mishin)
128+ - tree: Check for integer overflow in xmlStringGetNodeList
129+ - http: Improve error message for HTTPS redirects
130+ - catalog: Remove Windows hack
131+ - save: Move DTD serialization code to xmlsave.c
132+ - parser: Report fatal error if document entity couldn't be loaded
133+ - xpath: Fix return of empty node-set in xmlXPathNodeCollectAndTest
134+ - SAX2: Limit entity URI length to 2000 bytes
135+ - parser: Account for full size of non-well-formed entities
136+ - parser: Pop inputs if parsing DTD failed
137+ - parser: Fix quadratic behavior when copying entities
138+ - writer: Implement xmlTextWriterClose
139+ - parser: Avoid duplicate namespace errors
140+ - parser: Add XML_PARSE_NO_XXE parser option
141+ - parser: Make xmlParseContent more useful
142+ - error: Make xmlFormatError public
143+ - encoding: Check whether encoding handlers support input/output
144+ - SAX2: Enforce size limit in xmlSAX2Text with XML_PARSE_HUGE
145+ - parser: Lower maximum entity nesting depth
146+ - parser: Set depth limit to 2048 with XML_PARSE_HUGE
147+ - parser: Implement xmlCtxtSetOptions
148+ - parser: Always prefer option members over bitmask
149+ - parser: Don't modify SAX2 handler if XML_PARSE_SAX1 is set
150+ - parser: Rework parsing of attribute and entity values
151+ - save: Output U+FFFD replacement characters
152+ - parser: Simplify entity size accounting
153+ - parser: Avoid unwanted expansion of parameter entities
154+ - parser: Always copy content from entity to target
155+ - parser: Simplify control flow in xmlParseReference
156+ - parser: Remove xmlSetEntityReferenceFunc feature
157+ - parser: Push general entity input streams on the stack
158+ - parser: Move progressive flag into input struct
159+ - parser: Fix in-parameter-entity and in-external-dtd checks
160+ - xpath: Rewrite substring-before and substring-after
161+ - xinclude: Only set xml:base if necessary
162+ - xinclude: Allow empty nodesets
163+ - parser: Rework general entity parsing
164+ - io: Fix close error handling
165+ - io: Fix read/write error handling
166+ - io: More refactoring and unescaping fixes
167+ - io: Move some code from xmlIO.c to parserInternals.c
168+ - uri: Clean up special parsing modes
169+ - xinclude: Rework xml:base fixup
170+ - parser: Also set document properties when push parsing
171+ - include: Move non-generated parts from xmlversion.h.in
172+ - io: Remove support for HTTP POST
173+ - dict: Move local RNG state to global state
174+ - dict: Get random seed from system PRNG
175+ - io: Don't use "-" to read from stdin
176+ - io: Rework initialization
177+ - io: Consolidate error messages
178+ - xzlib: Fix harmless unsigned integer overflow
179+ - io: Always use unbuffered input
180+ - io: Fix detection of compressed streams
181+ - io: Pass error codes from xmlFileOpenReal to xmlNewInputFromFile
182+ - io: Rework default callbacks
183+ - error: Stop printing some errors by default
184+ - xpath: Don't free nodes of XSLT result value trees
185+ - valid: Fix handling of enumerations
186+ - parser: Allow recovery in xmlParseInNodeContext
187+ - encoding: Support ASCII in xmlLookupCharEncodingHandler
188+ - include: Remove useless 'const' from function arguments
189+ - Avoid EDG -Wignored-qualifiers warnings on wrong 'const *' to '* const'
190+ conversions (makise-homura)
191+ - Avoid EDG deprecation warnings for LCC compiler (makise-homura)
192+ - Avoid EDG -Woverflow warnings on truncating conversions by manually
193+ truncating operand (makise-homura)
194+ - Avoid EDG -Wtype-limits warnings on unsigned comparisons with zero by
195+ conversion from unsigned int to int (makise-homura)
196+ - Avoid using no_sanitize attribute on EDG even if compiler shows as GCC
197+ (makise-homura)
198+
199+ ### Build systems
200+
201+ - meson: convert boolean options to feature option (Rosen Penev)
202+ - meson: Pass LIBXML_STATIC in dependency (Andrew Potter)
203+ - meson: fix compilation with local binaries (Rosen Penev)
204+ - meson: don't use dl dependency on old meson (Rosen Penev)
205+ - meson: fix usage as a subproject (Rosen Penev)
206+ - autotools: Fix pthread detection on FreeBSD
207+ - build: Remove --with-fexceptions configuration option
208+ - autotools: Remove --with-coverage configuration option
209+ - build: Disable HTTP support by default
210+ - Stop defining _REENTRANT
211+ - doc: Don't install example code
212+ - meson: Initial commit (Vincent Torri)
213+ - build: Disable support for compression libraries by default
214+ - Set LIBXML2_FOUND if it has been properly configured (Michele Bianchi)
215+ - Makefile.am: omit $(top_builddir) from DEPS and LDADDS (Mike Dalessio)
216+
217+ ### Test suite
218+
219+ - runtest: Work around broken EUC-JP support in musl iconv
220+ - runtest: Check for IBM-1141 encoding handler
221+ - fuzz: Add xmllint fuzzer
222+ - fuzz: Add fuzzer for XML reader API
223+ - fuzz: New tree API fuzzer
224+ - tests: Remove testOOM
225+ - Don't let gentest.py cast types to 'const somethingPtr' to avoid
226+ -Wignored-qualifiers (makise-homura)
227+
228+
229+ v2.12.8: Jun 12 2024
230+
231+ ### Regressions
232+
233+ - parser: Fix performance regression when parsing namespaces
234+
235+
236+ v2.12.7: May 13 2024
237+
238+ ### Security
239+
240+ - [CVE-2024-34459] Fix buffer overread with `xmllint --htmlout`
241+
242+ ### Regressions
243+
244+ - xmllint: Fix --pedantic option
245+ - save: Handle invalid parent pointers in xhtmlNodeDumpOutput
246+
247+
248+ v2.12.6: Mar 15 2024
249+
250+ ### Regressions
251+
252+ - parser: Fix detection of duplicate attributes in XML namespace
253+ - xmlreader: Fix xmlTextReaderConstEncoding
254+ - html: Fix htmlCreatePushParserCtxt with encoding
255+ - xmllint: Return error code if XPath returns empty nodeset
256+
257+
258+ v2.12.5: Feb 4 2024
259+
260+ ### Security
261+
262+ - [CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking
263+
264+ ### Regressions
265+
266+ - parser: Fix crash in xmlParseInNodeContext with HTML documents
267+
268+
269+ v2.12.4: Jan 15 2024
270+
271+ ### Regressions
272+
273+ - parser: Fix regression parsing standalone declarations
274+ - autotools: Readd --with-xptr-locs configuration option
275+ - parser: Fix build --without-output
276+ - parser: Don't grow or shrink pull parser memory buffers
277+ - io: Fix memory lifetime issue with input buffers
278+
279+
280+ v2.12.3: Dec 12 2023
281+
282+ ### Regressions
283+
284+ - parser: Fix namespaces redefined from default attributes
285+
286+ ### Build fixes
287+
288+ - include: Rename XML_EMPTY helper macro
289+ - include: Move declaration of xmlInitGlobals
290+ - include: Add missing includes
291+ - include: Move globals from xmlsave.h to parser.h
292+ - include: Readd circular dependency between tree.h and parser.h
293+
294+
295+ v2.12.2: Dec 5 2023
296+
297+ ### Regressions
298+
299+ - parser: Fix invalid free in xmlParseBalancedChunkMemoryRecover
300+ - globals: Disable TLS in static Windows builds
301+ - html: Reenable buggy detection of XML declarations
302+ - tree: Fix regression when copying DTDs
303+ - parser: Make CRLF increment line number
304+
305+ ### Build fixes
306+
307+ - build: Disable compiler TLS by default
308+ - cmake: Update config.h.cmake.in
309+ - tests: Fix tests --with-valid --without-xinclude
310+
311+
312+ v2.12.1: Nov 23 2023
313+
314+ ### Regressions
315+
316+ - hash: Fix deletion of entries during scan
317+ - parser: Only enable SAX2 if there are SAX2 element handlers
318+
319+ ### Build fixes
320+
321+ - autotools: Stop checking for snprintf
322+ - dict: Fix '__thread' before 'static'
323+ - fix: pthread weak references in globals.c (Mike Dalessio)
324+ - tests: Fix build with older MSVC
325+
48326
49327v2.12.0: Nov 16 2023
50328
0 commit comments