Changes: Document #572 and #577

2022-03-01 23:29:19 +01:00 · 2022-03-01 23:29:19 +01:00 · 9579f7ea29
commit 9579f7ea29
parent c57bea96b7
1 changed files with 16 additions and 0 deletions
--- a/expat/Changes
+++ b/expat/Changes
@ -3,7 +3,23 @@ NOTE: We are looking for help with a few things:
      If you can help, please get in touch.  Thanks!

 Release x.x.x xxx xxxxxxxx xx xxxx
+        Bug fixes:
+       #572 #577  Relax fix to CVE-2022-25236 (introduced with release 2.4.5)
+                    with regard to all valid URI characters (RFC 3986),
+                    i.e. the following set (excluding whitespace):
+                    ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz
+                    0123456789 % -._~ :/?#[]@ !$&'()*+,;=
+
        Other changes:
+            #577  Document consequences of namespace separator choices not just
+                    in doc/reference.html but also in header <expat.h>
+            #577  Document Expat's lack of validation of namespace URIs against
+                    RFC 3986, and that the XML 1.0r4 specification doesn't
+                    require Expat to validate namespace URIs, and that Expat
+                    may do more in that regard in future releases.
+                    If you find need for strict RFC 3986 URI validation on
+                    application level today, https://uriparser.github.io/ may
+                    be of interest.
       #569 #571  tests: Resolve use of macros NAN and INFINITY for GNU G++
                    4.8.2 on Solaris.