Skip to content

v3.1.21

Choose a tag to compare

View all tags
@Erikmitk Erikmitk released this 05 Jun 07:37
· 713 commits to main since this release
v3.1.21
0aee249
This commit was signed with the committer’s verified signature.
Erikmitk Erik Sommer
GPG key ID: 90793A0289E87402
Verified
Learn about vigilant mode.

v3.1.21

  • Fix XXE injection vulnerabilities across all XML parsing call sites: add XPath::loadXml() and XPath::loadSimpleXml() helpers (LIBXML_NONET + entity loader disabled) and route all 25 call sites in 11 files through them
  • Fix Dependabot auto-merge workflow: use --rebase instead of --merge
Assets 2
Loading