Release candidate 2: Fixed XXE vulnerability

Pre-release
@sustefil sustefil released this 14 Mar 12:16
· 47 commits to main since this release
ff20a6c

RC 2 fixes an XXE (XML External Entity) vulnerability. The vulnerability can lead to the inclusion of arbitrary (local) file content in the generated output document. An attacker can exploit this with specially crafted XML input files to disclose information from the system running the converter.

This issue is being tracked as CVE-2022-27193.
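The following is an added example, not code from this project: a pre-parse guard that rejects XML input declaring a DOCTYPE or entities before it reaches a conversion step. It assumes a Python tool and uses only the standard library; `parse_untrusted`, `ForbiddenXML` and the sample documents are hypothetical names and constructed inputs.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """Input uses an XML feature that untrusted documents may not use."""


def parse_untrusted(data: bytes, forbid_dtd: bool = True) -> ET.Element:
    """Pre-scan with expat, then parse. Entity declarations are always
    rejected; any DOCTYPE is rejected too unless forbid_dtd is False."""

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if forbid_dtd:
            raise ForbiddenXML(f"DOCTYPE not allowed (root {name!r})")

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        kind = "external" if system_id or public_id else "internal"
        raise ForbiddenXML(f"{kind} entity declaration not allowed: {name!r}")

    scanner = expat.ParserCreate()
    scanner.StartDoctypeDeclHandler = on_doctype
    scanner.EntityDeclHandler = on_entity_decl
    scanner.Parse(data, True)  # exceptions raised in handlers propagate here

    # Only documents that passed the scan reach the real parser.
    return ET.fromstring(data)


# Constructed sample inputs (the file URI is a placeholder, never fetched).
PLAIN = b"<doc><title>Example</title></doc>"
WITH_ENTITY = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE doc [<!ENTITY ext SYSTEM "file:///placeholder/path">]>'
    b"<doc><title>&ext;</title></doc>"
)
DTD_ONLY = (
    b"<!DOCTYPE doc [<!ELEMENT doc (title)><!ELEMENT title (#PCDATA)>]>"
    b"<doc><title>x</title></doc>"
)

if __name__ == "__main__":
    for label, sample in [("plain", PLAIN), ("entity", WITH_ENTITY), ("dtd", DTD_ONLY)]:
        try:
            print(label, "->", parse_untrusted(sample).findtext("title"))
        except ForbiddenXML as err:
            print(label, "-> rejected:", err)
```

Rejecting the declaration itself, rather than relying on a parser's entity-resolution defaults, keeps the check independent of which XML library performs the conversion.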