news/2013/1130-4.6.0-released.xhtml

   1 <?xml version="1.0" encoding="UTF-8"?>
   2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   3   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   4 <html
   5   xmlns="http://www.w3.org/1999/xhtml"
   6   xmlns:xi="http://www.w3.org/2001/XInclude"
   7   xmlns:xc="urn:xhtml-compiler"
   8   xc:news="yes"
   9   xml:lang="en">
  10 <head>
  11   <title>HTML Purifier 4.6.0 released - News - HTML Purifier</title>
  12   <xi:include href="common-meta.xml" xpointer="xpointer(/*/node())" />
  13 </head>
  14 <body>
  15
  16 <xi:include href="common-header.xml" xpointer="xpointer(/*/node())" />
  17
  18 <div id="main">
  19 <h1 id="title">HTML Purifier 4.6.0 released</h1>
  20
  21 <div id="content">
  22   <p>
  23 HTML Purifier 4.6.0 is a major security release, fixing numerous bad
  24 quadratic asymptotics in HTML Purifier's core algorithms.  Most users will
  25 see a decent speedup on large inputs, although small inputs may take
  26 longer.  Additionally, the secure URI munging algorithm has changed to
  27 do a proper HMAC.  There are some other miscellaneous bugfixes as well.
  28   </p>
  29   <p>
  30     See <a
  31         href="http://repo.or.cz/w/htmlpurifier.git/blob/6f389f0f25b90d0b495308efcfa073981177f0fd:/NEWS">NEWS</a>
  32     for a complete changelog.  If you were using the secure URI munge hashing, you will need
  33     to update your redirector scripts.  Additionally, %Core.EscapeInvalidChildren no longer
  34     does anything.
  35   </p>
  36 </div>
  37 </div>
  38 </body>
  39 </html>