Remove exception, as we check for it later

[htmlpurifier-web.git] / news.xhtml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:xi="http://www.w3.org/2001/XInclude"
      xmlns:xc="urn:xhtml-compiler"
      xmlns:rss="urn:xhtml-compiler:RSSGenerator"
      xmlns:svn="urn:xhtml-compiler:Subversion"
      svn:head-url="$HeadURL: svn+ssh://ezyang@htmlpurifier.org/svnroot/htmlpurifier-web/trunk/index.xhtml $"
      svn:revision="$Revision: 1139 $"
      xml:lang="en">
<head>
<title>News - HTML Purifier</title>
<xi:include href="common-meta.xml" xpointer="xpointer(/*/node())" />
<meta name="description"
      content="Recent news related to HTML Purifier." />
<meta name="keywords"
      content="HTMLPurifier, HTML Purifier, HTML, filter, filtering, standards, compliant, w3c, news, blog, releases, rss" />
<link rel="alternate" type="application/rss+xml"
      title="News - HTML Purifier" href="news.rss"
      rss:for="news-container"
      rss:description="Recent news and updates on HTML Purifier" />
</head>
<body>

<xi:include href="common-header.xml" xpointer="xpointer(/*/node())" />
<h1 id="title">News</h1>

<div id="content">

<xi:include href="download-box.xml" xpointer="xpointer(/*/node())" />

<div id="news-container" class="news">

<div class="item" id="news-3.1.1-released">
  <h3 class="title">HTML Purifier 3.1.1 released</h3>
  <div class="date">Thu, 19 June 2008 17:57:00 EST</div>
  
  <div class="body">
    <p>
      HTML Purifier 3.1.1 is a security and bugfix release. This release addresses
      two security vulnerabilities, both related to <abbr>CSS</abbr>, and one of which only
      applies to users using Shift_JIS as their output encoding. There is also
      a security improvement regarding the imagecrash attack. There is a backwards
      incompatible change with %URI.Munge, in which resources are no longer munged
      by default; please enable using %URI.MungeResources. Besides this, there
      are numerous improvements to <abbr>URI</abbr> munging, esp. with the addition of
      %URI.MungeSecretKey, as well as an experimental implementation of 
      %HTML.SafeObject and %HTML.SafeEmbed. There are also some memory optimizations.
    </p>
    <p>
      As a security release, please update as quickly as possible. Care has been
      taken to prevent backwards-compatibiilty breakage this time (something that
      plagued users who tried to upgrade to 3.1.0), there is only one slight break
      related to a bugfix that can be easily undone with %URI.MungeResources.
    </p>
    <p>
      See <a href="http://htmlpurifier.org/svnroot/htmlpurifier/tags/3.1.1/NEWS">NEWS</a>
      for a complete changelog. There were numerous added configuration directives
      not mentioned above.
    </p>
    <p>
      Along with this release, we would like to announce full disclosure on
      the security vulnerability patched in 3.1.0. Please see 
      <a href="security/2008/http-protocol-removal.html"><abbr>HTTP</abbr> Protocol Removal</a>
      for more information about the vulnerability affecting versions prior
      to 3.1.0 and 2.1.4.
    </p>
    <p>
      Finally, the security fixes and bug fixes were backported to our PHP4
      branch with the release of HTML Purifier 2.1.5. See
      <a href="http://htmlpurifier.org/svnroot/htmlpurifier/tags/2.1.5/NEWS">NEWS (PHP4)</a>
      for a complete changelog.
    </p>
  </div>
</div>

<div class="item" id="news-2.1.4-released">
  <h3 class="title">HTML Purifier 2.1.4 released</h3>
  <div class="date">Sun, 18 May 2008 15:27:00 EST</div>
  
  <div class="body">
    <p>
      This is a security and bugfix release for the HTML Purifier 2.1
      series, and should only be downloaded by developers stuck on
      <abbr>PHP</abbr> 4. <strong>Important:</strong> Please upgrade your
      libraries as quickly as
      possible. The vulnerability was discovered internally, and no known
      exploits have been found in the wild. This is the same vulnerability
      as was fixed in HTML Purifier 3.1.0.
    </p>
    <p>
      See <a href="http://htmlpurifier.org/svnroot/htmlpurifier/tags/2.1.4/NEWS">NEWS</a>
      for a complete changelog.
    </p>
  </div>
</div>

<div class="item" id="news-3.1.0-released">
  <h3 class="title">HTML Purifier 3.1.0 released</h3>
  <div class="date">Sun, 08 May 2008 14:04:00 EST</div>
  
  <div class="body">
    <p>
      HTML Purifier 3.1.0 is the first offical stable release for 3.1 series.
      It improves HTML Purifier's integration with <abbr>PHP</abbr> 5, mainly
      through the new use of autoloading.
      It also includes support for the !important CSS modifier,
      display and visibility CSS properties with %CSS.AllowTricky, marquee with
      %HTML.Proprietary (had you scared for a moment, hmm?), a kses() wrapper,
      %CSS.AllowedProperties, %HTML.ForbiddenAttributes and
      %HTML.ForbiddenElements and a totally revamped ConfigDoc system. Since the
      release candidate, there have also been a number of stability fixes such as
      improved URI escaping, a change in serializer ID format, and a relaxed
      format for %HTML.Allowed. And as always, numerous bugfixes.
    </p>
    <p>
      <strong>Important:</strong> HTML Purifier 3.1.0 also fixes a 
      security vulnerability. Please upgrade your libraries as quickly as
      possible. The vulnerability was discovered internally, and no known
      exploits have been found in the wild.
    </p>
    <p>
      For a detailed migration guide, please see the
      <a href="news/2008/3.1.0-released.html">3.1.0 release page</a>. If
      you had been using the release candidate, you do not need to worry
      about this.
    </p>
  </div>
</div>

<div class="item" id="news-3.1.0rc1-released">
  <h3 class="title">HTML Purifier 3.1.0 release candidate</h3>
  <div class="date">Tue, 22 Apr 2008 02:51:00 EST</div>
  
  <div class="body">
    <p>
      I assure you, this has <em>never</em> happened before to HTML Purifier;
      never before have we had a release candidate. I assure you, there is
      something big with this release, and that's why I am painstakingly
      doing a release candidate before the official 3.1 series begins.
    </p>
    <p>
      To read more about it, please check out the
      <a href="news/2008/3.1.0rc1-released.html">3.1.0rc1 release candidate page</a>.
    </p>
  </div>
</div>

<div class="item" id="news-3.0.0-released">
  <h3 class="title">HTML Purifier 3.0.0 released</h3>
  <div class="date">Sun, 06 Jan 2008 10:44:00 EST</div>
  
  <div class="body">
    <p>
      Release 3.0.0 is the first release of 2008 and also HTML Purifier's first
      <a href="http://gophp5.org/">PHP 5 only</a> release.
      The 2.1 series will still
      <a href="download.html#PHP4">be supported for bug and security fixes,</a>
      but will not get new features. This release a number of
      improvements in <abbr>CSS</abbr> handling, including the filter
      <code>HTMLPurifier_Filter_ExtractStyleBlocks</code> which integrates
      HTML Purifier with
      <a href="http://csstidy.sourceforge.net/">CSSTidy</a> for cleaning style sheets
      (see the source code file for more information on usage), contains
      experimental support for
      proprietary <abbr>CSS</abbr> properties with %CSS.Proprietary, case-insensitive
      <abbr>CSS</abbr> properties, and more lenient hexadecimal color codes. Also, all code
      has been upgraded to full <abbr>PHP</abbr> 5 and is 
      <code>E_STRICT</code> clean for all versions of PHP 5 (including the
      5.0 series, which previously had parse-time errors).
    </p>
    <p>
      See <a href="http://htmlpurifier.org/svnroot/htmlpurifier/tags/3.0.0/NEWS">NEWS</a>
      for a complete changelog.
    </p>
  </div>
</div>


</div> <!-- end news-container -->

</div>

</body>
</html>