news.xhtml

   1 <?xml version="1.0" encoding="UTF-8"?>
   2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   3     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   4 <html xmlns="http://www.w3.org/1999/xhtml"
   5       xmlns:xi="http://www.w3.org/2001/XInclude"
   6       xmlns:xc="urn:xhtml-compiler"
   7       xmlns:rss="urn:xhtml-compiler:RSSGenerator"
   8       xmlns:svn="urn:xhtml-compiler:Subversion"
   9       svn:head-url="$HeadURL: svn+ssh://ezyang@htmlpurifier.org/svnroot/htmlpurifier-web/trunk/index.xhtml $"
  10       svn:revision="$Revision: 1139 $"
  11       xml:lang="en">
  12 <head>
  13 <title>News - HTML Purifier</title>
  14 <xi:include href="common-meta.xml" xpointer="xpointer(/*/node())" />
  15 <meta name="description"
  16       content="Recent news related to HTML Purifier." />
  17 <meta name="keywords"
  18       content="HTMLPurifier, HTML Purifier, HTML, filter, filtering, standards, compliant, w3c, news, blog, releases, rss" />
  19 <link rel="alternate" type="application/rss+xml"
  20       title="News - HTML Purifier" href="news.rss"
  21       rss:for="news-container"
  22       rss:description="Recent news and updates on HTML Purifier" />
  23 </head>
  24 <body>
  25
  26 <xi:include href="common-header.xml" xpointer="xpointer(/*/node())" />
  27 <h1 id="title">News</h1>
  28
  29 <div id="content">
  30
  31 <xi:include href="download-box.xml" xpointer="xpointer(/*/node())" />
  32
  33 <div id="news-container" class="news">
  34
  35 <div class="item" id="git">
  36   <h3 class="title">Switching to Git</h3>
  37   <div class="date">Mon, 23 June 2008 22:42:00 EST</div>
  38
  39   <div class="body">
  40     <p>
  41       After several weeks of testing, HTML Purifier is proud to announce that
  42       it will be switching to Git as its source control management system.
  43       Git offers a number of advantages over Subversion:
  44     </p>
  45     <ul>
  46       <li>
  47         <em>Superior support for branchy development.</em> Subversion 1.5 introduces
  48         merge-tracking which somewhat diminishes this benefit, but implementing
  49         that is entirely at the whimsy of Dreamhost, which I am not going to
  50         bother with.
  51       </li>
  52       <li>
  53         <em>Increased possibility for user participation.</em> Git makes it extremely
  54         easy to do local development and submit patches.
  55       </li>
  56       <li>
  57         <em>Data redundancy.</em> Every user has a complete copy of HTML Purifier's
  58         history, making it extremely difficult to lose data. This is opposed
  59         to our current setup, where htmlpurifier.org is a central point of failure,
  60         and backups are sent to only one other machine.
  61       </li>
  62       <li>
  63         <em>Performance.</em> Git is fast, both in terms of disk operations
  64         and network operations. Gone are the days of waiting several minutes
  65         for Subversion to finish committing.
  66       </li>
  67     </ul>
  68     <p>
  69       Currently, only <code>htmlpurifier</code> has been migrated to Git;
  70       <code>htmlpurifier-web</code> will be migrated after any kinks are
  71       worked out. There are number of features such as nightly snapshot
  72       generation and contributor documentation that needs to be written.
  73     </p>
  74     <p>
  75       We will be using <a href="http://repo.or.cz/w/htmlpurifier.git">repo.or.cz</a>
  76       as our primary remote repository; push access will be administered there,
  77       and changes will be mirrored (courtesy of a script by aeruder at #git)
  78       to a repository hosted at <a href="http://git.htmlpurifier.org">git.htmlpurifier.org</a>
  79       as well as <a href="http://github.com/ezyang/htmlpurifier/tree/master">GitHub</a>.
  80       If you want to grab a development copy, use this command:
  81     </p>
  82     <pre>git clone git://repo.or.cz/htmlpurifier.git</pre>
  83     <p>
  84       Feel free to play around, and register comments and complaints at
  85       <a href="phorum">the forum</a>.
  86     </p>
  87   </div>
  88 </div>
  89
  90 <div class="item" id="news-3.1.1-released">
  91   <h3 class="title">HTML Purifier 3.1.1 released</h3>
  92   <div class="date">Thu, 19 June 2008 17:57:00 EST</div>
  93
  94   <div class="body">
  95     <p>
  96       HTML Purifier 3.1.1 is a security and bugfix release. This release addresses
  97       two security vulnerabilities, both related to <abbr>CSS</abbr>, and one of which only
  98       applies to users using Shift_JIS as their output encoding. There is also
  99       a security improvement regarding the imagecrash attack. There is a backwards
 100       incompatible change with %URI.Munge, in which resources are no longer munged
 101       by default; please enable using %URI.MungeResources. Besides this, there
 102       are numerous improvements to <abbr>URI</abbr> munging, esp. with the addition of
 103       %URI.MungeSecretKey, as well as an experimental implementation of
 104       %HTML.SafeObject and %HTML.SafeEmbed. There are also some memory optimizations.
 105     </p>
 106     <p>
 107       As a security release, please update as quickly as possible. Care has been
 108       taken to prevent backwards-compatibiilty breakage this time (something that
 109       plagued users who tried to upgrade to 3.1.0), there is only one slight break
 110       related to a bugfix that can be easily undone with %URI.MungeResources.
 111     </p>
 112     <p>
 113       See <a href="http://htmlpurifier.org/svnroot/htmlpurifier/tags/3.1.1/NEWS">NEWS</a>
 114       for a complete changelog. There were numerous added configuration directives
 115       not mentioned above.
 116     </p>
 117     <p>
 118       Along with this release, we would like to announce full disclosure on
 119       the security vulnerability patched in 3.1.0. Please see
 120       <a href="security/2008/http-protocol-removal.html"><abbr>HTTP</abbr> Protocol Removal</a>
 121       for more information about the vulnerability affecting versions prior
 122       to 3.1.0 and 2.1.4.
 123     </p>
 124     <p>
 125       Finally, the security fixes and bug fixes were backported to our PHP4
 126       branch with the release of HTML Purifier 2.1.5. See
 127       <a href="http://htmlpurifier.org/svnroot/htmlpurifier/tags/2.1.5/NEWS">NEWS (PHP4)</a>
 128       for a complete changelog.
 129     </p>
 130   </div>
 131 </div>
 132
 133 <div class="item" id="news-2.1.4-released">
 134   <h3 class="title">HTML Purifier 2.1.4 released</h3>
 135   <div class="date">Sun, 18 May 2008 15:27:00 EST</div>
 136
 137   <div class="body">
 138     <p>
 139       This is a security and bugfix release for the HTML Purifier 2.1
 140       series, and should only be downloaded by developers stuck on
 141       <abbr>PHP</abbr> 4. <strong>Important:</strong> Please upgrade your
 142       libraries as quickly as
 143       possible. The vulnerability was discovered internally, and no known
 144       exploits have been found in the wild. This is the same vulnerability
 145       as was fixed in HTML Purifier 3.1.0.
 146     </p>
 147     <p>
 148       See <a href="http://htmlpurifier.org/svnroot/htmlpurifier/tags/2.1.4/NEWS">NEWS</a>
 149       for a complete changelog.
 150     </p>
 151   </div>
 152 </div>
 153
 154 <div class="item" id="news-3.1.0-released">
 155   <h3 class="title">HTML Purifier 3.1.0 released</h3>
 156   <div class="date">Sun, 08 May 2008 14:04:00 EST</div>
 157
 158   <div class="body">
 159     <p>
 160       HTML Purifier 3.1.0 is the first offical stable release for 3.1 series.
 161       It improves HTML Purifier's integration with <abbr>PHP</abbr> 5, mainly
 162       through the new use of autoloading.
 163       It also includes support for the !important CSS modifier,
 164       display and visibility CSS properties with %CSS.AllowTricky, marquee with
 165       %HTML.Proprietary (had you scared for a moment, hmm?), a kses() wrapper,
 166       %CSS.AllowedProperties, %HTML.ForbiddenAttributes and
 167       %HTML.ForbiddenElements and a totally revamped ConfigDoc system. Since the
 168       release candidate, there have also been a number of stability fixes such as
 169       improved URI escaping, a change in serializer ID format, and a relaxed
 170       format for %HTML.Allowed. And as always, numerous bugfixes.
 171     </p>
 172     <p>
 173       <strong>Important:</strong> HTML Purifier 3.1.0 also fixes a
 174       security vulnerability. Please upgrade your libraries as quickly as
 175       possible. The vulnerability was discovered internally, and no known
 176       exploits have been found in the wild.
 177     </p>
 178     <p>
 179       For a detailed migration guide, please see the
 180       <a href="news/2008/3.1.0-released.html">3.1.0 release page</a>. If
 181       you had been using the release candidate, you do not need to worry
 182       about this.
 183     </p>
 184   </div>
 185 </div>
 186
 187 <div class="item" id="news-3.1.0rc1-released">
 188   <h3 class="title">HTML Purifier 3.1.0 release candidate</h3>
 189   <div class="date">Tue, 22 Apr 2008 02:51:00 EST</div>
 190
 191   <div class="body">
 192     <p>
 193       I assure you, this has <em>never</em> happened before to HTML Purifier;
 194       never before have we had a release candidate. I assure you, there is
 195       something big with this release, and that's why I am painstakingly
 196       doing a release candidate before the official 3.1 series begins.
 197     </p>
 198     <p>
 199       To read more about it, please check out the
 200       <a href="news/2008/3.1.0rc1-released.html">3.1.0rc1 release candidate page</a>.
 201     </p>
 202   </div>
 203 </div>
 204
 205
 206 </div> <!-- end news-container -->
 207
 208 </div>
 209
 210 </body>
 211 </html>