Kurt McKee

lessons learned in production

Hey there! This article was written in 2011.

It might not have aged well for any number of reasons, so keep that in mind when reading (or clicking outgoing links!).

Announcing feedparser 5.0.1

Posted 20 February 2011 in feedparser and release

I'm pleased to announce that feedparser 5.0.1 is now available for download!

This is a security release, and I encourage everyone to upgrade as soon as possible. Three sanitizer-related issues were fixed in this release:

  • Issue 91 (unexpected characters in XML declarations cause crashes)
  • Issue 254 (sanitization can be bypassed by malformed XML comments)
  • Issue 255 (the sanitizer doesn't strip unsafe URI schemes)

Special thanks to barry.haddow and db.pub.mail for reporting these bugs. As always, if you find bugs in feedparser, please don't hesitate to file a new report if one doesn't already exist!