From 6f389f0f25b90d0b495308efcfa073981177f0fd Mon Sep 17 00:00:00 2001
From: "Edward Z. Yang"
Date: Sat, 30 Nov 2013 00:25:19 -0800
Subject: [PATCH] Release 4.6.0.
Signed-off-by: Edward Z. Yang
---
 Doxyfile | 2 +-
 FOCUS | 2 +-
 NEWS | 2 +-
 VERSION | 2 +-
 WHATSNEW | 11 +++++------
 library/HTMLPurifier.includes.php | 2 +-
 library/HTMLPurifier.php | 6 +++---
 library/HTMLPurifier/Config.php | 2 +-
 8 files changed, 14 insertions(+), 15 deletions(-)
diff --git a/Doxyfile b/Doxyfile
index 7a62422d..b6130b9b 100644
--- a/Doxyfile
+++ b/Doxyfile
@@ -31,7 +31,7 @@ PROJECT_NAME = HTMLPurifier
 # This could be handy for archiving the generated documentation or
 # if some version control system is used.
-PROJECT_NUMBER = 4.5.0
+PROJECT_NUMBER = 4.6.0
 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
 # base path where the generated documentation will be put.
diff --git a/FOCUS b/FOCUS
index 590c186f..e13b9aa0 100644
--- a/FOCUS
+++ b/FOCUS
@@ -1,4 +1,4 @@
-4 - Minor feature enhancements
+9 - Major security fixes
 [ Appendix A: Release focus IDs ]
 0 - N/A
diff --git a/NEWS b/NEWS
index 660eb30e..90a05462 100644
--- a/NEWS
+++ b/NEWS
@@ -9,7 +9,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
 . Internal change
 ==========================
-4.6.0, unknown release date
+4.6.0, released 2013-11-30
 # Secure URI munge hashing algorithm has changed to hash_hmac("sha256", $url, $secret). Please update any verification scripts you may have.
 # URI parsing algorithm was made more strict, so only prefixes which
diff --git a/VERSION b/VERSION
index ae153944..28446a5e 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-4.5.0
\ No newline at end of file
+4.6.0
\ No newline at end of file
diff --git a/WHATSNEW b/WHATSNEW
index 534cdede..7464cbc3 100644
--- a/WHATSNEW
+++ b/WHATSNEW
@@ -1,6 +1,5 @@
-HTML Purifier 4.5.0 is a minor bugfix and feature release, containing an
-accumulation of changes over a year. CSS support has been extended to
-support display:inline-block, white-space, underscores in font families,
-page-break-* CSS3 properties (when proprietary is enabled.) We now use
-SHA-1 to identify cached definitions, and the semantics of stacked
-attribute transforms has changed slightly.
+HTML Purifier 4.6.0 is a major security release, fixing numerous bad
+quadratic asymptotics in HTML Purifier's core algorithms. Most users will
+see a decent speedup on large inputs, although small inputs may take
+longer. Additionally, the secure URI munging algorithm has changed to
+do a proper HMAC. There are some other miscellaneous bugfixes as well.
diff --git a/library/HTMLPurifier.includes.php b/library/HTMLPurifier.includes.php
index 28a93de9..9b7b88a8 100644
--- a/library/HTMLPurifier.includes.php
+++ b/library/HTMLPurifier.includes.php
@@ -7,7 +7,7 @@
 * primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS
 * FILE, changes will be overwritten the next time the script is run.
 *
- * @version 4.5.0
+ * @version 4.6.0
 *
 * @warning
 * You must *not* include any other HTML Purifier files before this file,
diff --git a/library/HTMLPurifier.php b/library/HTMLPurifier.php
index bf8f4a61..6f654fde 100644
--- a/library/HTMLPurifier.php
+++ b/library/HTMLPurifier.php
@@ -19,7 +19,7 @@
 */
 /*
- HTML Purifier 4.5.0 - Standards Compliant HTML Filtering
+ HTML Purifier 4.6.0 - Standards Compliant HTML Filtering
 Copyright (C) 2006-2008 Edward Z. Yang
 This library is free software; you can redistribute it and/or
@@ -58,12 +58,12 @@ class HTMLPurifier
 * Version of HTML Purifier.
 * @type string
 */
- public $version = '4.5.0';
+ public $version = '4.6.0';
 /**
 * Constant with version of HTML Purifier.
 */
- const VERSION = '4.5.0';
+ const VERSION = '4.6.0';
 /**
 * Global configuration object.
diff --git a/library/HTMLPurifier/Config.php b/library/HTMLPurifier/Config.php
index 4b2f439e..7ada59b9 100644
--- a/library/HTMLPurifier/Config.php
+++ b/library/HTMLPurifier/Config.php
@@ -21,7 +21,7 @@ class HTMLPurifier_Config
 * HTML Purifier's version
 * @type string
 */
- public $version = '4.5.0';
+ public $version = '4.6.0';
 /**
 * Whether or not to automatically finalize
--
2.11.4.GIT