Expat 2.8.2 released, fixes 13 vulnerabilitiesblog.hartwork.org3 points·by spyc·há 19 dias·0 comments
Expat 2.8.1 released, CVE-2026-45186 and CVSS unreliabilityblog.hartwork.org4 points·by spyc·há 2 meses·0 comments
Python 3.14 started enabling color for argparse by defaultgithub.com2 points·by spyc·há 6 meses·0 comments
Reconsider W3C Recommendation status of XSLT 2.0 and XSLT 3.0github.com11 points·by spyc·há 9 meses·1 comments
Expat 2.7.3 released, includes security fixesblog.hartwork.org2 points·by spyc·há 10 meses·0 comments
Expat 2.7.2 released, includes security fixesblog.hartwork.org1 points·by spyc·há 10 meses·0 comments
spyc·há 29 dias·discussBoth libexpat ("Expat") and uriparser are following the curl security vacation and will not accept new vulnerability reports before 2026-08-01, starting today.[1] https://github.com/libexpat/libexpat/issues/1277[2] https://github.com/uriparser/uriparser/issues/323
spyc·há 7 meses·discussThe current implementation breaks semantics of functions with tail recursion from within loops: https://github.com/raaidrt/tacopy/issues/1
spyc·há 9 meses·discussPotentially the movie itself is also or more of interest. The related thread is: https://news.ycombinator.com/item?id=45056377
spyc·ano passado·discussBoth implementations of doas for Linux have (the same) unfixed security issue:- https://github.com/Duncaen/OpenDoas/issues/106- https://github.com/slicer69/doas/issues/110I have a hard time recommending doas over sudo on Linux when the issue has been fixed in sudo but not in doas.
spyc·ano passado·discussLost trust for sure. Who knows if Redis would be AGPL now if Valkey did not exist.
[1] https://github.com/libexpat/libexpat/issues/1277
[2] https://github.com/uriparser/uriparser/issues/323