Hartwork Blog · Expat 2.6.2 released, includes security fixes

  • Expat Introduction: libexpat is a fast streaming XML parser. Alongside libxml2, it is one of the most widely used software libre XML parsers written in C (C99). It is cross-platform and licensed under the MIT license.
  • Expat 2.6.2 Release: Released earlier today. The change log carries a detailed call-for-help banner at the top, and it is said that "XKCD 2347 is libexpat". If your employer or business depends on Expat's security (e.g., for parsing input from uploaded files or the network), the call for help deserves attention.
  • Release Content: Fixes security issue CVE-2024-28757, which can cause denial of service in certain code. The commit message explains the problem and the solution in more detail. The release also includes a bug fix that rejects direct parameter entity recursion and avoids the related undefined behavior; the bug was uncovered by ClusterFuzz/OSS-Fuzz after 20+ years.
  • Update Notice: Those maintaining Expat packaging or a bundled copy should update to 2.6.2. Thank you to Sebastian Pipping.