Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Matthew Wild <mwild1 <at> gmail.com>
Subject: [ANN] LuaExpat 1.2.0 released
Newsgroups: gmane.comp.lang.lua.general
Date: Friday 3rd June 2011 15:30:14 UTC (over 6 years ago)
Hi everyone,

As a developer of probably one of the largest projects depending on
LuaExpat, I've just taken maintainership of the module, which has been
untended for a few years now.

This release brings a minimal number of API changes, in fact just
enough for an application to prevent what has become known as the
"billion laughs" attack. This attack is of importance to anyone
processing XML from untrusted sources - successfully exploiting it
causes the parser to consume large amounts of CPU and RAM, effectively
a denial of service against the process and sometimes the machine.
More information at:
http://www.ibm.com/developerworks/xml/library/x-tipcfsx/index.html#N100F1

The 1.2.0 tarball can be found at
http://matthewwild.co.uk/projects/luaexpat/luaexpat-1.2.0.tar.gz
Fabio has already pushed the release into the LuaRocks repository.

LuaExpat also now has a source repository at
http://code.matthewwild.co.uk/lua-expat

In the long term I plan to extend the API to make it a little more
complete, like adding the remaining missing callbacks and allowing
resume after parser:stop(). Any suggestions or feedback welcome here
or direct to me.

Regards,
Matthew

PS. I nearly forgot: Expat is an XML parsing library. XML is an
extensible markup language. Laughter is... never mind.
 
CD: 3ms