Dear freshmeat.net subscriber,
jorton just announced version 0.28.6 of neon on freshmeat.net.
The changes are as follows:
This release fixes two security issues. The "billion laughs" XML entity
expansion attack allowed a denial of service by a malicious server if neon was
linked against expat. The handling of NUL bytes in an SSL certificate subject
name allowed a possible MITM attack.
neon is an HTTP and WebDAV client library for Unix systems, with a C language
API. It provides high-level interfaces to HTTP/1.1 and WebDAV methods, and a
low-level interface to HTTP request/response handling, allowing new methods to
be easily implemented.
Detailed history and release notes are available here:
If you want to change your subscription to this project, please log in to: