Skip to content

1.8.1

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 16 Jun 10:37
1.8.1
This tag was signed with the committer’s verified signature.
freddyheppell Freddy Heppell
SSH Key Fingerprint: g2e9HLT9VrdorujIdE24Ve3vFoQNWtyzUWdcpzpZIzo
Verified
Learn about vigilant mode.
6ab7704
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Security

  • Hardened XML parsing against the Billion Laughs attack by refusing to parse XML documents containing DOCTYPE or ENTITY declarations (which should not be present in valid sitemaps) (GHSA-p5wc-9w9r-m232 by @EQSTLab)
  • Hardened GZIP compression against decompression bomb attacks by decompressing only up to the configured maximum sitemap size (GHSA-8823-qg2x-pv9f by @EQSTLab)

Contributors

EQSTLab
Assets 6
Loading