Subject: [ANN] LuaExpat 1.2.0 released
Date: Friday 3rd June 2011 15:30:14 UTC (over 5 years ago)
Hi everyone, As a developer of probably one of the largest projects depending on LuaExpat, I've just taken maintainership of the module, which has been untended for a few years now. This release brings a minimal number of API changes, in fact just enough for an application to prevent what has become known as the "billion laughs" attack. This attack is of importance to anyone processing XML from untrusted sources - successfully exploiting it causes the parser to consume large amounts of CPU and RAM, effectively a denial of service against the process and sometimes the machine. More information at: http://www.ibm.com/developerworks/xml/library/x-tipcfsx/index.html#N100F1 The 1.2.0 tarball can be found at http://matthewwild.co.uk/projects/luaexpat/luaexpat-1.2.0.tar.gz Fabio has already pushed the release into the LuaRocks repository. LuaExpat also now has a source repository at http://code.matthewwild.co.uk/lua-expat In the long term I plan to extend the API to make it a little more complete, like adding the remaining missing callbacks and allowing resume after parser:stop(). Any suggestions or feedback welcome here or direct to me. Regards, Matthew PS. I nearly forgot: Expat is an XML parsing library. XML is an extensible markup language. Laughter is... never mind.