XML Parsing Security Fix
August 10th, 2007
XML processing instruction will be ignored when parsing HTML.
This fixes a denial of service vulnerability caused by exponential XML entity expansion. Changeset #7300
UPDATE 2007-08-22 This patch has been undone in Changeset #7357
About This Site
This is the blog of Jim Lindley, a 28 year old web developer in Buffalo, NY.
Sorry, comments are closed for this article.