Skip to content

Commit 44c5d42

Browse files
committed
Version 2.5.1
1 parent cfc9175 commit 44c5d42

File tree

2 files changed

+22
-1
lines changed

2 files changed

+22
-1
lines changed

NEWS.rst

+21
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,27 @@
33
======
44

55

6+
Version 2.5.1 released on 2021-01-06
7+
====================================
8+
9+
**WARNING:** this is a security update.
10+
11+
When processing SVG files, CairoSVG was using two regular expressions which are
12+
vulnerable to Regular Expression Denial of Service (REDoS).
13+
14+
If an attacker provided a malicious SVG, it could make CairoSVG get stuck
15+
processing the file for a very long time.
16+
17+
Other bug fixes:
18+
19+
* Fix marker positions for unclosed paths
20+
* Follow hint when only output_width or output_height is set
21+
* Handle opacity on raster images
22+
* Don’t crash when use tags reference unknown tags
23+
* Take care of the next letter when A/a is replaced by l
24+
* Fix misalignment in node.vertices
25+
26+
627
Version 2.5.0 released on 2020-10-29
728
====================================
829

cairosvg/VERSION

+1-1
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
2.5.0
1+
2.5.1

0 commit comments

Comments
 (0)