From 9579f7ea293e19d7b387de2690f8318611e0e77d Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Tue, 1 Mar 2022 23:29:19 +0100 Subject: [PATCH] Changes: Document #572 and #577 --- expat/Changes | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/expat/Changes b/expat/Changes index f5b0363a..5b0e333c 100644 --- a/expat/Changes +++ b/expat/Changes @@ -3,7 +3,23 @@ NOTE: We are looking for help with a few things: If you can help, please get in touch. Thanks! Release x.x.x xxx xxxxxxxx xx xxxx + Bug fixes: + #572 #577 Relax fix to CVE-2022-25236 (introduced with release 2.4.5) + with regard to all valid URI characters (RFC 3986), + i.e. the following set (excluding whitespace): + ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz + 0123456789 % -._~ :/?#[]@ !$&'()*+,;= + Other changes: + #577 Document consequences of namespace separator choices not just + in doc/reference.html but also in header + #577 Document Expat's lack of validation of namespace URIs against + RFC 3986, and that the XML 1.0r4 specification doesn't + require Expat to validate namespace URIs, and that Expat + may do more in that regard in future releases. + If you find need for strict RFC 3986 URI validation on + application level today, https://uriparser.github.io/ may + be of interest. #569 #571 tests: Resolve use of macros NAN and INFINITY for GNU G++ 4.8.2 on Solaris.
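Review bot: the "Bug fixes" entry for #572 #577 lists the characters that the relaxed CVE-2022-25236 fix now accepts, but it does not point readers to the namespace separator notes that the first "Other changes" entry says were added. Anyone upgrading from 2.4.5 who picked a separator from inside that set needs to see both together, so a short cross-reference in the bug-fix entry (for example "see the notes on namespace separator choice below") would help. In the same "Other changes" entry, "but also in header" does not name the header file; naming it tells the reader where to look. Last, "all valid URI characters (RFC 3986)" is easy to misread as "Expat now checks URIs against RFC 3986", which the next entry explicitly denies. Wording such as "all characters that RFC 3986 allows in a URI" would keep the two entries from appearing to contradict each other.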