<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
  xmlns:xi="http://www.w3.org/2001/XInclude"
  xmlns:xc="urn:xhtml-compiler"
  xmlns:rss="urn:xhtml-compiler:RSSGenerator"
  xmlns:svn="urn:xhtml-compiler:Subversion"
  svn:head-url="$HeadURL: svn+ssh://ezyang@htmlpurifier.org/svnroot/htmlpurifier-web/trunk/index.xhtml $"
  svn:revision="$Revision: 1139 $">
<title>News - HTML Purifier</title>
<xi:include href="common-meta.xml" xpointer="xpointer(/*/node())" />
<meta name="description"
  content="Recent news related to HTML Purifier." />
<meta name="keywords"
  content="HTMLPurifier, HTML Purifier, HTML, filter, filtering, standards, compliant, w3c, news, blog, releases, rss" />
<link rel="alternate" type="application/rss+xml"
  title="News - HTML Purifier" href="news.rss"
  rss:for="news-container"
  rss:description="Recent news and updates on HTML Purifier" />
<xi:include href="common-header.xml" xpointer="xpointer(/*/node())" />
<h1 id="title">News</h1>
<xi:include href="download-box.xml" xpointer="xpointer(/*/node())" />

<div id="news-container" class="news">
<div class="item" id="news-3.1.1-released">
<h3 class="title">HTML Purifier 3.1.1 released</h3>
<div class="date">Thu, 19 June 2008 17:57:00 EST</div>

HTML Purifier 3.1.1 is a security and bugfix release. This release addresses
two security vulnerabilities, both related to <abbr>CSS</abbr>, one of which
applies only to users who use Shift_JIS as their output encoding. There is also
a security improvement regarding the imagecrash attack. There is a
backwards-incompatible change to %URI.Munge: resources are no longer munged
by default; to restore the previous behavior, enable %URI.MungeResources.
Besides this, there are numerous improvements to <abbr>URI</abbr> munging,
especially the addition of %URI.MungeSecretKey, as well as an experimental
implementation of %HTML.SafeObject and %HTML.SafeEmbed. There are also some
memory optimizations.

This is a security release, so please update as quickly as possible. Care has
been taken to prevent backwards-compatibility breakage this time (something that
plagued users who tried to upgrade to 3.1.0); there is only one slight break,
related to a bugfix, that can be easily undone with %URI.MungeResources.

See <a href="http://htmlpurifier.org/svnroot/htmlpurifier/tags/3.1.1/NEWS">NEWS</a>
for a complete changelog. There were numerous added configuration directives

Along with this release, we would like to announce full disclosure on
the security vulnerability patched in 3.1.0. Please see
<a href="security/2008/http-protocol-removal.html"><abbr>HTTP</abbr> Protocol Removal</a>
for more information about the vulnerability affecting versions prior
<div class="item" id="news-2.1.4-released">
<h3 class="title">HTML Purifier 2.1.4 released</h3>
<div class="date">Sun, 18 May 2008 15:27:00 EST</div>

This is a security and bugfix release for the HTML Purifier 2.1
series, and should only be downloaded by developers stuck on
<abbr>PHP</abbr> 4. <strong>Important:</strong> Please upgrade your
libraries as quickly as possible. The vulnerability was discovered
internally, and no known exploits have been found in the wild. This is
the same vulnerability as was fixed in HTML Purifier 3.1.0.

See <a href="http://htmlpurifier.org/svnroot/htmlpurifier/tags/2.1.4/NEWS">NEWS</a>
for a complete changelog.
<div class="item" id="news-3.1.0-released">
<h3 class="title">HTML Purifier 3.1.0 released</h3>
<div class="date">Sun, 08 May 2008 14:04:00 EST</div>

HTML Purifier 3.1.0 is the first official stable release for the 3.1 series.
It improves HTML Purifier's integration with <abbr>PHP</abbr> 5, mainly
through the new use of autoloading.
It also includes support for the !important CSS modifier,
display and visibility CSS properties with %CSS.AllowTricky, marquee with
%HTML.Proprietary (had you scared for a moment, hmm?), a kses() wrapper,
%CSS.AllowedProperties, %HTML.ForbiddenAttributes and
%HTML.ForbiddenElements and a totally revamped ConfigDoc system. Since the
release candidate, there have also been a number of stability fixes such as
improved URI escaping, a change in serializer ID format, and a relaxed
format for %HTML.Allowed. And as always, numerous bugfixes.

<strong>Important:</strong> HTML Purifier 3.1.0 also fixes a
security vulnerability. Please upgrade your libraries as quickly as
possible. The vulnerability was discovered internally, and no known
exploits have been found in the wild.

For a detailed migration guide, please see the
<a href="news/2008/3.1.0-released.html">3.1.0 release page</a>. If
you had been using the release candidate, you do not need to worry
<div class="item" id="news-3.1.0rc1-released">
<h3 class="title">HTML Purifier 3.1.0 release candidate</h3>
<div class="date">Tue, 22 Apr 2008 02:51:00 EST</div>

I assure you, this has <em>never</em> happened before to HTML Purifier;
never before have we had a release candidate. I assure you, there is
something big with this release, and that's why I am painstakingly
doing a release candidate before the official 3.1 series begins.

To read more about it, please check out the
<a href="news/2008/3.1.0rc1-released.html">3.1.0rc1 release candidate page</a>.
<div class="item" id="news-3.0.0-released">
<h3 class="title">HTML Purifier 3.0.0 released</h3>
<div class="date">Sun, 06 Jan 2008 10:44:00 EST</div>

Release 3.0.0 is the first release of 2008 and also HTML Purifier's first
<a href="http://gophp5.org/">PHP 5 only</a> release.
The 2.1 series will still
<a href="download.html#PHP4">be supported for bug and security fixes,</a>
but will not get new features. This release includes a number of
improvements in <abbr>CSS</abbr> handling, including the filter
<code>HTMLPurifier_Filter_ExtractStyleBlocks</code> which integrates
<a href="http://csstidy.sourceforge.net/">CSSTidy</a> for cleaning style sheets
(see the source code file for more information on usage),
experimental support for proprietary <abbr>CSS</abbr> properties with
%CSS.Proprietary, case-insensitive <abbr>CSS</abbr> properties, and more
lenient hexadecimal color codes. Also, all code
has been upgraded to full <abbr>PHP</abbr> 5 and is
<code>E_STRICT</code> clean for all versions of PHP 5 (including the
5.0 series, which previously had parse-time errors).

See <a href="http://htmlpurifier.org/svnroot/htmlpurifier/tags/3.0.0/NEWS">NEWS</a>
for a complete changelog.
</div> <!-- end news-container -->