news.xhtml

   1 <?xml version="1.0" encoding="UTF-8"?>
   2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   3     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   4 <html xmlns="http://www.w3.org/1999/xhtml"
   5       xmlns:xi="http://www.w3.org/2001/XInclude"
   6       xmlns:xc="urn:xhtml-compiler"
   7       xmlns:rss="urn:xhtml-compiler:RSSGenerator"
   8       xmlns:news="urn:xhtml-compiler:News"
   9       xml:lang="en">
  10 <head>
  11 <title>News - HTML Purifier</title>
  12 <xi:include href="common-meta.xml" xpointer="xpointer(/*/node())" />
  13 <meta name="description"
  14       content="Recent news related to HTML Purifier." />
  15 <meta name="keywords"
  16       content="HTMLPurifier, HTML Purifier, HTML, filter, filtering, standards, compliant, w3c, news, blog, releases, rss" />
  17 <link rel="alternate" type="application/rss+xml"
  18       title="News - HTML Purifier" href="news.rss"
  19       rss:for="news-container"
  20       rss:description="Recent news and updates on HTML Purifier" />
  21 </head>
  22 <body>
  23
  24 <xi:include href="common-header.xml" xpointer="xpointer(/*/node())" />
  25 <h1 id="title">News</h1>
  26
  27 <div id="content">
  28
  29 <xi:include href="download-box.xml" xpointer="xpointer(/*/node())" />
  30
  31 <div>
  32
  33 <div class="item" id="git">
  34   <h3 class="title">Switching to Git</h3>
  35   <div class="date">Mon, 23 June 2008 22:42:00 EST</div>
  36
  37   <div class="body">
  38     <p>
  39       After several weeks of testing, HTML Purifier is proud to announce that
  40       it will be switching to Git as its source control management system.
  41       Git offers a number of advantages over Subversion:
  42     </p>
  43     <ul>
  44       <li>
  45         <em>Superior support for branchy development.</em> Subversion 1.5 introduces
  46         merge-tracking which somewhat diminishes this benefit, but implementing
  47         that is entirely at the whimsy of Dreamhost, which I am not going to
  48         bother with.
  49       </li>
  50       <li>
  51         <em>Increased possibility for user participation.</em> Git makes it extremely
  52         easy to do local development and submit patches.
  53       </li>
  54       <li>
  55         <em>Data redundancy.</em> Every user has a complete copy of HTML Purifier's
  56         history, making it extremely difficult to lose data. This is opposed
  57         to our current setup, where htmlpurifier.org is a central point of failure,
  58         and backups are sent to only one other machine.
  59       </li>
  60       <li>
  61         <em>Performance.</em> Git is fast, both in terms of disk operations
  62         and network operations. Gone are the days of waiting several minutes
  63         for Subversion to finish committing.
  64       </li>
  65     </ul>
  66     <p>
  67       Currently, only <code>htmlpurifier</code> has been migrated to Git;
  68       <code>htmlpurifier-web</code> will be migrated after any kinks are
  69       worked out. There are number of features such as nightly snapshot
  70       generation and contributor documentation that needs to be written.
  71     </p>
  72     <p>
  73       We will be using <a href="http://repo.or.cz/w/htmlpurifier.git">repo.or.cz</a>
  74       as our primary remote repository; push access will be administered there,
  75       and changes will be mirrored (courtesy of a script by aeruder at #git)
  76       to a repository hosted at <a href="http://git.htmlpurifier.org">git.htmlpurifier.org</a>
  77       as well as <a href="http://github.com/ezyang/htmlpurifier/tree/master">GitHub</a>.
  78       If you want to grab a development copy, use this command:
  79     </p>
  80     <pre>git clone git://repo.or.cz/htmlpurifier.git</pre>
  81     <p>
  82       Feel free to play around, and register comments and complaints at
  83       <a href="phorum">the forum</a>.
  84     </p>
  85   </div>
  86 </div>
  87
  88 <div class="item" id="news-3.1.1-released">
  89   <h3 class="title">HTML Purifier 3.1.1 released</h3>
  90   <div class="date">Thu, 19 June 2008 17:57:00 EST</div>
  91
  92   <div class="body">
  93     <p>
  94       HTML Purifier 3.1.1 is a security and bugfix release. This release addresses
  95       two security vulnerabilities, both related to <abbr>CSS</abbr>, and one of which only
  96       applies to users using Shift_JIS as their output encoding. There is also
  97       a security improvement regarding the imagecrash attack. There is a backwards
  98       incompatible change with %URI.Munge, in which resources are no longer munged
  99       by default; please enable using %URI.MungeResources. Besides this, there
 100       are numerous improvements to <abbr>URI</abbr> munging, esp. with the addition of
 101       %URI.MungeSecretKey, as well as an experimental implementation of
 102       %HTML.SafeObject and %HTML.SafeEmbed. There are also some memory optimizations.
 103     </p>
 104     <p>
 105       As a security release, please update as quickly as possible. Care has been
 106       taken to prevent backwards-compatibiilty breakage this time (something that
 107       plagued users who tried to upgrade to 3.1.0), there is only one slight break
 108       related to a bugfix that can be easily undone with %URI.MungeResources.
 109     </p>
 110     <p>
 111       See <a href="http://htmlpurifier.org/svnroot/htmlpurifier/tags/3.1.1/NEWS">NEWS</a>
 112       for a complete changelog. There were numerous added configuration directives
 113       not mentioned above.
 114     </p>
 115     <p>
 116       Along with this release, we would like to announce full disclosure on
 117       the security vulnerability patched in 3.1.0. Please see
 118       <a href="security/2008/http-protocol-removal.html"><abbr>HTTP</abbr> Protocol Removal</a>
 119       for more information about the vulnerability affecting versions prior
 120       to 3.1.0 and 2.1.4.
 121     </p>
 122     <p>
 123       Finally, the security fixes and bug fixes were backported to our PHP4
 124       branch with the release of HTML Purifier 2.1.5. See
 125       <a href="http://htmlpurifier.org/svnroot/htmlpurifier/tags/2.1.5/NEWS">NEWS (PHP4)</a>
 126       for a complete changelog.
 127     </p>
 128   </div>
 129 </div>
 130
 131 <div class="item" id="news-2.1.4-released">
 132   <h3 class="title">HTML Purifier 2.1.4 released</h3>
 133   <div class="date">Sun, 18 May 2008 15:27:00 EST</div>
 134
 135   <div class="body">
 136     <p>
 137       This is a security and bugfix release for the HTML Purifier 2.1
 138       series, and should only be downloaded by developers stuck on
 139       <abbr>PHP</abbr> 4. <strong>Important:</strong> Please upgrade your
 140       libraries as quickly as
 141       possible. The vulnerability was discovered internally, and no known
 142       exploits have been found in the wild. This is the same vulnerability
 143       as was fixed in HTML Purifier 3.1.0.
 144     </p>
 145     <p>
 146       See <a href="http://htmlpurifier.org/svnroot/htmlpurifier/tags/2.1.4/NEWS">NEWS</a>
 147       for a complete changelog.
 148     </p>
 149   </div>
 150 </div>
 151
 152 </div>
 153
 154 <!-- New news container! -->
 155 <div news:source="news" id="news-container" class="news" />
 156
 157 </div>
 158
 159 </body>
 160 </html>