REXML 3.3.6 - 2024-08-22

[github-actions[bot]]

Improvements

• Removed duplicated entity expansions for performance.

  • Improve BaseParser#unnormalize #194
  • Patch by Viktor Ivarsson.

• Improved namespace conflicted attribute check performance. It was
  too slow for deep elements.

  • Reported by l33thaxor.

Fixes

• Fixed a bug that default entity expansions are counted for
  security check. Default entity expansions should not be counted
  because they don't have a security risk.

  • RuntimeError "entity expansion has grown too large" with default entities in REXML::Parsers::BaseParser after 3.3.3 #198
  • Fix RuntimeError in REXML::Parsers::BaseParser for valid feeds #199
  • Patch Viktor Ivarsson

• Fixed a parser bug that parameter entity references in internal
  subsets are expanded. It's not allowed in the XML specification.

  • Fix to not allow parameter entity references at internal subsets #191
  • Patch by NAITOH Jun.

• Fixed a stream parser bug that user-defined entity references in
  text aren't expanded.

  • Fix a bug that Stream parser doesn't expand the user-defined entity references for "text" #200
  • Patch by NAITOH Jun.

Thanks

• Viktor Ivarsson

• NAITOH Jun

• l33thaxor

---

This discussion was created from the release REXML 3.3.6 - 2024-08-22.