1 <?xml version=
"1.0" encoding=
"UTF-8"?>
2 <!DOCTYPE html PUBLIC
"-//W3C//DTD XHTML 1.0 Transitional//EN"
3 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
4 <html xmlns=
"http://www.w3.org/1999/xhtml"
5 xmlns:
xi=
"http://www.w3.org/2001/XInclude"
6 xmlns:
xc=
"urn:xhtml-compiler"
7 xmlns:
rss=
"urn:xhtml-compiler:RSSGenerator"
8 xmlns:
svn=
"urn:xhtml-compiler:Subversion"
9 svn:
head-url=
"$HeadURL: svn+ssh://ezyang@htmlpurifier.org/svnroot/htmlpurifier-web/trunk/index.xhtml $"
10 svn:
revision=
"$Revision: 1139 $"
13 <title>News - HTML Purifier
</title>
14 <xi:include href=
"common-meta.xml" xpointer=
"xpointer(/*/node())" />
15 <meta name=
"description"
16 content=
"Recent news related to HTML Purifier." />
18 content=
"HTMLPurifier, HTML Purifier, HTML, filter, filtering, standards, compliant, w3c, news, blog, releases, rss" />
19 <link rel=
"alternate" type=
"application/rss+xml"
20 title=
"News - HTML Purifier" href=
"news.rss"
21 rss:
for=
"news-container"
22 rss:
description=
"Recent news and updates on HTML Purifier" />
26 <xi:include href=
"common-header.xml" xpointer=
"xpointer(/*/node())" />
27 <h1 id=
"title">News
</h1>
31 <xi:include href=
"download-box.xml" xpointer=
"xpointer(/*/node())" />
33 <div id=
"news-container" class=
"news">
35 <div class=
"item" id=
"git">
36 <h3 class=
"title">Switching to Git
</h3>
37 <div class=
"date">Mon,
23 June
2008 22:
42:
00 EST
</div>
41 After several weeks of testing, HTML Purifier is proud to announce that
42 it will be switching to Git as its source control management system.
43 Git offers a number of advantages over Subversion:
47 <em>Superior support for branchy development.
</em> Subversion
1.5 introduces
48 merge-tracking which somewhat diminishes this benefit, but implementing
49 that is entirely at the whimsy of Dreamhost, which I am not going to
53 <em>Increased possibility for user participation.
</em> Git makes it extremely
54 easy to do local development and submit patches.
57 <em>Data redundancy.
</em> Every user has a complete copy of HTML Purifier's
58 history, making it extremely difficult to lose data. This is opposed
59 to our current setup, where htmlpurifier.org is a central point of failure,
60 and backups are sent to only one other machine.
63 <em>Performance.
</em> Git is fast, both in terms of disk operations
64 and network operations. Gone are the days of waiting several minutes
65 for Subversion to finish committing.
69 Currently, only
<code>htmlpurifier
</code> has been migrated to Git;
70 <code>htmlpurifier-web
</code> will be migrated after any kinks are
71 worked out. There are number of features such as nightly snapshot
72 generation and contributor documentation that needs to be written.
75 We will be using
<a href=
"http://repo.or.cz/w/htmlpurifier.git">repo.or.cz
</a>
76 as our primary remote repository; push access will be administered there,
77 and changes will be mirrored (courtesy of a script by aeruder at #git)
78 to a repository hosted at
<a href=
"http://git.htmlpurifier.org">git.htmlpurifier.org
</a>
79 as well as
<a href=
"http://github.com/ezyang/htmlpurifier/tree/master">GitHub
</a>.
80 If you want to grab a development copy, use this command:
82 <pre>git clone git://repo.or.cz/htmlpurifier.git
</pre>
84 Feel free to play around, and register comments and complaints at
85 <a href=
"phorum">the forum
</a>.
90 <div class=
"item" id=
"news-3.1.1-released">
91 <h3 class=
"title">HTML Purifier
3.1.1 released
</h3>
92 <div class=
"date">Thu,
19 June
2008 17:
57:
00 EST
</div>
96 HTML Purifier
3.1.1 is a security and bugfix release. This release addresses
97 two security vulnerabilities, both related to
<abbr>CSS
</abbr>, and one of which only
98 applies to users using Shift_JIS as their output encoding. There is also
99 a security improvement regarding the imagecrash attack. There is a backwards
100 incompatible change with %URI.Munge, in which resources are no longer munged
101 by default; please enable using %URI.MungeResources. Besides this, there
102 are numerous improvements to
<abbr>URI
</abbr> munging, esp. with the addition of
103 %URI.MungeSecretKey, as well as an experimental implementation of
104 %HTML.SafeObject and %HTML.SafeEmbed. There are also some memory optimizations.
107 As a security release, please update as quickly as possible. Care has been
108 taken to prevent backwards-compatibiilty breakage this time (something that
109 plagued users who tried to upgrade to
3.1.0), there is only one slight break
110 related to a bugfix that can be easily undone with %URI.MungeResources.
113 See
<a href=
"http://htmlpurifier.org/svnroot/htmlpurifier/tags/3.1.1/NEWS">NEWS
</a>
114 for a complete changelog. There were numerous added configuration directives
118 Along with this release, we would like to announce full disclosure on
119 the security vulnerability patched in
3.1.0. Please see
120 <a href=
"security/2008/http-protocol-removal.html"><abbr>HTTP
</abbr> Protocol Removal
</a>
121 for more information about the vulnerability affecting versions prior
125 Finally, the security fixes and bug fixes were backported to our PHP4
126 branch with the release of HTML Purifier
2.1.5. See
127 <a href=
"http://htmlpurifier.org/svnroot/htmlpurifier/tags/2.1.5/NEWS">NEWS (PHP4)
</a>
128 for a complete changelog.
133 <div class=
"item" id=
"news-2.1.4-released">
134 <h3 class=
"title">HTML Purifier
2.1.4 released
</h3>
135 <div class=
"date">Sun,
18 May
2008 15:
27:
00 EST
</div>
139 This is a security and bugfix release for the HTML Purifier
2.1
140 series, and should only be downloaded by developers stuck on
141 <abbr>PHP
</abbr> 4.
<strong>Important:
</strong> Please upgrade your
142 libraries as quickly as
143 possible. The vulnerability was discovered internally, and no known
144 exploits have been found in the wild. This is the same vulnerability
145 as was fixed in HTML Purifier
3.1.0.
148 See
<a href=
"http://htmlpurifier.org/svnroot/htmlpurifier/tags/2.1.4/NEWS">NEWS
</a>
149 for a complete changelog.
154 <div class=
"item" id=
"news-3.1.0-released">
155 <h3 class=
"title">HTML Purifier
3.1.0 released
</h3>
156 <div class=
"date">Sun,
08 May
2008 14:
04:
00 EST
</div>
160 HTML Purifier
3.1.0 is the first offical stable release for
3.1 series.
161 It improves HTML Purifier's integration with
<abbr>PHP
</abbr> 5, mainly
162 through the new use of autoloading.
163 It also includes support for the !important CSS modifier,
164 display and visibility CSS properties with %CSS.AllowTricky, marquee with
165 %HTML.Proprietary (had you scared for a moment, hmm?), a kses() wrapper,
166 %CSS.AllowedProperties, %HTML.ForbiddenAttributes and
167 %HTML.ForbiddenElements and a totally revamped ConfigDoc system. Since the
168 release candidate, there have also been a number of stability fixes such as
169 improved URI escaping, a change in serializer ID format, and a relaxed
170 format for %HTML.Allowed. And as always, numerous bugfixes.
173 <strong>Important:
</strong> HTML Purifier
3.1.0 also fixes a
174 security vulnerability. Please upgrade your libraries as quickly as
175 possible. The vulnerability was discovered internally, and no known
176 exploits have been found in the wild.
179 For a detailed migration guide, please see the
180 <a href=
"news/2008/3.1.0-released.html">3.1.0 release page
</a>. If
181 you had been using the release candidate, you do not need to worry
187 <div class=
"item" id=
"news-3.1.0rc1-released">
188 <h3 class=
"title">HTML Purifier
3.1.0 release candidate
</h3>
189 <div class=
"date">Tue,
22 Apr
2008 02:
51:
00 EST
</div>
193 I assure you, this has
<em>never
</em> happened before to HTML Purifier;
194 never before have we had a release candidate. I assure you, there is
195 something big with this release, and that's why I am painstakingly
196 doing a release candidate before the official
3.1 series begins.
199 To read more about it, please check out the
200 <a href=
"news/2008/3.1.0rc1-released.html">3.1.0rc1 release candidate page
</a>.
206 </div> <!-- end news-container -->