I'm pleased to announce that feedparser 5.0.1 is now available for download!
This is a security release, and I encourage everyone to upgrade as soon as possible. Three sanitizer-related issues were fixed in this release:
- Issue 91 (unexpected characters in XML declarations cause crashes)
- Issue 254 (sanitization can be bypassed by malformed XML comments)
- Issue 255 (the sanitizer doesn't strip unsafe URI schemes)
Special thanks to barry.haddow and db.pub.mail for reporting these bugs. As always, if you find bugs in feedparser, please don't hesitate to file a new report if one doesn't already exist!