Skip to content

Potential XXE vulnerability fix on XML-parsing#1596

Merged
dsyme merged 2 commits intofsprojects:mainfrom
Thorium:security-maintenance
Feb 21, 2026
Merged

Potential XXE vulnerability fix on XML-parsing#1596
dsyme merged 2 commits intofsprojects:mainfrom
Thorium:security-maintenance

Conversation

@Thorium
Copy link
Copy Markdown
Member

@Thorium Thorium commented Oct 28, 2025

Potential XXE vulnerability fix on XML-parsing

@dsyme dsyme merged commit 9403b12 into fsprojects:main Feb 21, 2026
2 checks passed
@dsyme
Copy link
Copy Markdown
Contributor

dsyme commented Feb 21, 2026

Thank you!

@github-actions github-actions Bot mentioned this pull request Feb 21, 2026
Closed
6 tasks
dsyme pushed a commit that referenced this pull request Feb 21, 2026
@dsyme
Prepare release notes for 6.6.0
e5c022e 
Consolidate all changes since 6.5.0 into RELEASE_NOTES.md
and mark 6.6.0 as released, opening 6.7.0 unreleased section.

Changes included in 6.6.0:
- Security fix: XXE vulnerability in XML parsing (#1596)
- Bug fix: XML provider uses XDocument reader instead of ReadToEnd (#1527)
- Performance: HTML parser CharList uses StringBuilder (~43% faster) (#1550)
- Performance: JSON string serialization bulk writes (#1562)
- Performance: RemoveAdorners fast-path for adorner-free strings (#1540)
- Feature: HTML HIDE_REPRESENTATION compile-time opt-in (#1499)
- Documentation: Fix links (#1597)
- Tests: Expanded coverage across all modules

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@dsyme dsyme mentioned this pull request Feb 23, 2026
Merged
This was referenced Feb 23, 2026
Closed
Closed
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dsyme dsyme dsyme approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Thorium @dsyme