github ekalinin/sitemap.js 9.0.1
9.0.1 — Security Patch

latest releases: 7.1.3, 8.0.3
9 hours ago

Security Fixes

  • BB-01: Fix XML injection via unescaped xslUrl in stylesheet processing instruction
  • BB-02: Enforce 50,000 URL hard limit in XMLToSitemapItemStream parser
  • BB-03: Cap parser error array at 100 entries to prevent memory DoS
  • BB-04: Reject absolute destinationDir paths in simpleSitemapAndIndex to prevent arbitrary file writes
  • BB-05: parseSitemapIndex now destroys source and parser streams immediately when maxEntries limit is exceeded
  • Many thanks to @maru1009 for the report
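
To illustrate the BB-01 class of bug, here is an added example (not sitemap.js source code) that builds the stylesheet processing instruction with and without escaping the URL. The function names and the sample URL are hypothetical and constructed for this illustration.

```javascript
// Added illustration, not the library's implementation.
// All names below are hypothetical.

// Escape the five XML special characters so a value stays inside the
// quoted href pseudo-attribute of the processing instruction.
const XML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&apos;',
};

function escapeXmlAttr(value) {
  return String(value).replace(/[&<>"']/g, (ch) => XML_ESCAPES[ch]);
}

// "Before" shape: the caller-supplied URL is concatenated as-is.
function stylesheetPiUnescaped(xslUrl) {
  return `<?xml-stylesheet type="text/xsl" href="${xslUrl}"?>`;
}

// Hardened shape: the URL is escaped before it is placed in the PI.
function stylesheetPi(xslUrl) {
  return `<?xml-stylesheet type="text/xsl" href="${escapeXmlAttr(xslUrl)}"?>`;
}

// Count "?>" terminators. A single stylesheet PI must contain exactly one;
// more than one means the value closed the PI early and added markup.
function countPiTerminators(xml) {
  return xml.split('?>').length - 1;
}

// Constructed sample value containing a quote and a PI terminator.
const CONSTRUCTED_XSL_URL = '/sitemap.xsl"?><extra/><?x y="';

console.log(countPiTerminators(stylesheetPiUnescaped(CONSTRUCTED_XSL_URL)));
console.log(countPiTerminators(stylesheetPi(CONSTRUCTED_XSL_URL)));
console.log(stylesheetPi('/a.xsl?x=1&y=2'));
```

Because `>` is escaped to `&gt;`, the sequence `?>` cannot appear inside the escaped value, so the output always contains a single processing instruction.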
