Skip to content

Commit 3e4b09c

Browse files
Prepare 1.8.1 (#133)
1 parent 27b70b1 commit 3e4b09c

2 files changed

Lines changed: 9 additions & 0 deletions

File tree

docs/changelog.rst

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,14 @@
11
Changelog
22
=========
33

4+
v1.8.1 (2026-06-16)
5+
-------------------
6+
7+
**Security**
8+
9+
* Hardened XML parsing against the Billion Laughs attack by refusing to parse XML documents containing DOCTYPE or ENTITY declarations (which should not be present in valid sitemaps) (:ghsa:`GHSA-p5wc-9w9r-m232` by :user:`EQSTLab`)
10+
* Hardened GZIP compression against decompression bomb attacks by decompressing only up to the configured maximum sitemap size (:ghsa:`GHSA-8823-qg2x-pv9f` by :user:`EQSTLab`)
11+
412
v1.8.0 (2026-01-25)
513
-------------------
614

docs/conf.py

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -71,6 +71,7 @@
7171
'pr': (f'{_gh_root}/pull/%s', '#%s'),
7272
'user': (f'https://github.com/%s', '@%s'),
7373
'commit': (f'{_gh_root}/commit/%s', '%.7s'),
74+
'ghsa': (f'{_gh_root}/security/advisories/%s', '%s'),
7475
}
7576

7677
graphviz_output_format = 'svg'

0 commit comments

Comments
 (0)