Breaking changes
- To address a security issue, it was necessary to add a
MaxDepthoption to
ReadSettingsto limit the depth of XML trees during parsing. A generous
default value of 1024 was chosen to avoid breaking most existing code.
However, if your code is processing XML hierarchies with a depth greater
than 1024, you will need to assign yourDocumentaReadSettingsthat has
aMaxDepthset to a higher value.
Security Fixes
- Limited the depth of XML trees processed by all
ReadFromfunctions during
parsing. - Fixed a
CompilePathindex-out-of-range panic that could be caused by a
missing path filter key. - Sanitized the contents of XML text, comment, ProcInst and Directive tokens
provided by the user.