<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
  xmlns:xi="http://www.w3.org/2001/XInclude"
  xmlns:xc="urn:xhtml-compiler"
  xmlns:rss="urn:xhtml-compiler:RSSGenerator"
  xmlns:svn="urn:xhtml-compiler:Subversion"
  svn:head-url="$HeadURL: svn+ssh://ezyang@htmlpurifier.org/svnroot/htmlpurifier-web/trunk/index.xhtml $"
  svn:revision="$Revision: 1139 $"
<title>News - HTML Purifier</title>
<xi:include href="common-meta.xml" xpointer="xpointer(/*/node())" />
<meta name="description"
  content="Recent news related to HTML Purifier." />
  content="HTMLPurifier, HTML Purifier, HTML, filter, filtering, standards, compliant, w3c, news, blog, releases, rss" />
<link rel="alternate" type="application/rss+xml"
  title="News - HTML Purifier" href="news.rss"
  rss:for="news-container"
  rss:description="Recent news and updates on HTML Purifier" />
<xi:include href="common-header.xml" xpointer="xpointer(/*/node())" />
<h1 id="title">News</h1>
<xi:include href="download-box.xml" xpointer="xpointer(/*/node())" />
<div id="news-container" class="news">
<div class="item" id="news-3.1.1-released">
<h3 class="title">HTML Purifier 3.1.1 released</h3>
<div class="date">Thu, 19 June 2008 17:57:00 EST</div>

HTML Purifier 3.1.1 is a security and bugfix release. This release addresses
two security vulnerabilities, both related to <abbr>CSS</abbr>, one of which
applies only to users using Shift_JIS as their output encoding. There is also
a security improvement regarding the imagecrash attack. There is a
backwards-incompatible change to %URI.Munge: resources are no longer munged
by default; to munge them, enable %URI.MungeResources. Besides this, there
are numerous improvements to <abbr>URI</abbr> munging, especially the addition of
%URI.MungeSecretKey, as well as an experimental implementation of
%HTML.SafeObject and %HTML.SafeEmbed. There are also some memory optimizations.

As this is a security release, please update as quickly as possible. Care has been
taken to prevent backwards-compatibility breakage this time (something that
plagued users who tried to upgrade to 3.1.0); there is only one slight break,
related to a bugfix, that can be easily undone with %URI.MungeResources.

See <a href="http://htmlpurifier.org/svnroot/htmlpurifier/tags/3.1.1/NEWS">NEWS</a>
for a complete changelog. There were numerous added configuration directives

Along with this release, we would like to announce full disclosure on
the security vulnerability patched in 3.1.0. Please see
<a href="security/2008/http-protocol-removal.html"><abbr>HTTP</abbr> Protocol Removal</a>
for more information about the vulnerability affecting versions prior

Finally, the security fixes and bug fixes were backported to our PHP4
branch with the release of HTML Purifier 2.1.5. See
<a href="http://htmlpurifier.org/svnroot/htmlpurifier/tags/2.1.5/NEWS">NEWS (PHP4)</a>
for a complete changelog.

<div class="item" id="news-2.1.4-released">
<h3 class="title">HTML Purifier 2.1.4 released</h3>
<div class="date">Sun, 18 May 2008 15:27:00 EST</div>

This is a security and bugfix release for the HTML Purifier 2.1
series, and should only be downloaded by developers stuck on
<abbr>PHP</abbr> 4. <strong>Important:</strong> Please upgrade your
libraries as quickly as
possible. The vulnerability was discovered internally, and no known
exploits have been found in the wild. This is the same vulnerability
as was fixed in HTML Purifier 3.1.0.

See <a href="http://htmlpurifier.org/svnroot/htmlpurifier/tags/2.1.4/NEWS">NEWS</a>
for a complete changelog.

<div class="item" id="news-3.1.0-released">
<h3 class="title">HTML Purifier 3.1.0 released</h3>
<div class="date">Sun, 08 May 2008 14:04:00 EST</div>

HTML Purifier 3.1.0 is the first official stable release for the 3.1 series.
It improves HTML Purifier's integration with <abbr>PHP</abbr> 5, mainly
through the new use of autoloading.
It also includes support for the !important CSS modifier,
display and visibility CSS properties with %CSS.AllowTricky, marquee with
%HTML.Proprietary (had you scared for a moment, hmm?), a kses() wrapper,
%CSS.AllowedProperties, %HTML.ForbiddenAttributes and
%HTML.ForbiddenElements and a totally revamped ConfigDoc system. Since the
release candidate, there have also been a number of stability fixes such as
improved URI escaping, a change in serializer ID format, and a relaxed
format for %HTML.Allowed. And as always, numerous bugfixes.

<strong>Important:</strong> HTML Purifier 3.1.0 also fixes a
security vulnerability. Please upgrade your libraries as quickly as
possible. The vulnerability was discovered internally, and no known
exploits have been found in the wild.

For a detailed migration guide, please see the
<a href="news/2008/3.1.0-released.html">3.1.0 release page</a>. If
you had been using the release candidate, you do not need to worry

<div class="item" id="news-3.1.0rc1-released">
<h3 class="title">HTML Purifier 3.1.0 release candidate</h3>
<div class="date">Tue, 22 Apr 2008 02:51:00 EST</div>

I assure you, this has <em>never</em> happened before to HTML Purifier;
never before have we had a release candidate. I assure you, there is
something big with this release, and that's why I am painstakingly
doing a release candidate before the official 3.1 series begins.

To read more about it, please check out the
<a href="news/2008/3.1.0rc1-released.html">3.1.0rc1 release candidate page</a>.

<div class="item" id="news-3.0.0-released">
<h3 class="title">HTML Purifier 3.0.0 released</h3>
<div class="date">Sun, 06 Jan 2008 10:44:00 EST</div>

Release 3.0.0 is the first release of 2008 and also HTML Purifier's first
<a href="http://gophp5.org/">PHP 5 only</a> release.
The 2.1 series will still
<a href="download.html#PHP4">be supported for bug and security fixes,</a>
but will not get new features. This release includes a number of
improvements in <abbr>CSS</abbr> handling, including the filter
<code>HTMLPurifier_Filter_ExtractStyleBlocks</code> which integrates
<a href="http://csstidy.sourceforge.net/">CSSTidy</a> for cleaning style sheets
(see the source code file for more information on usage), contains
experimental support for
proprietary <abbr>CSS</abbr> properties with %CSS.Proprietary, case-insensitive
<abbr>CSS</abbr> properties, and more lenient hexadecimal color codes. Also, all code
has been upgraded to full <abbr>PHP</abbr> 5 and is
<code>E_STRICT</code> clean for all versions of PHP 5 (including the
5.0 series, which previously had parse-time errors).

See <a href="http://htmlpurifier.org/svnroot/htmlpurifier/tags/3.0.0/NEWS">NEWS</a>
for a complete changelog.

</div> <!-- end news-container -->