npm sitemap 7.1.3
7.1.3 — Security Patch

7 hours ago

  • BB-01: Fix XML injection via unescaped xslUrl in stylesheet processing instruction (stylesheetInclude now escapes &, ", <, >)
  • BB-02: Enforce 50,000 URL hard limit in XMLToSitemapItemStream — parser stops emitting items instead of only logging a warning
  • BB-04: Reject absolute destinationDir paths in simpleSitemapAndIndex to prevent arbitrary file writes
  • BB-05: parseSitemapIndex now accepts a maxEntries limit (default 50,000) and destroys source/parser streams immediately on breach
  • Many thanks to @maru1009 for the report
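
The BB-01 class of bug, shown as an added example that is not code from the sitemap package: a stylesheet URL concatenated into the xml-stylesheet processing instruction, next to a version that escapes &, ", < and > first. The function names and the sample URLs are hypothetical and constructed for illustration.

```javascript
// Added example. escapeXmlAttr, unsafeStylesheetPI, safeStylesheetPI and
// countPITerminators are hypothetical names, not the sitemap package's API.

// Escape the four characters named in BB-01: & " < >
// '&' is replaced first so the entities produced afterwards are not re-escaped.
function escapeXmlAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// "Before" shape: the URL goes into the processing instruction unchanged, so a
// '"' ends the href pseudo-attribute and '?>' ends the instruction early.
function unsafeStylesheetPI(xslUrl) {
  return `<?xml-stylesheet type="text/xsl" href="${xslUrl}"?>`;
}

// "After" shape: the URL is escaped before it is interpolated.
function safeStylesheetPI(xslUrl) {
  return `<?xml-stylesheet type="text/xsl" href="${escapeXmlAttr(xslUrl)}"?>`;
}

// A well-formed result contains exactly one '?>' (its own terminator).
function countPITerminators(xml) {
  return xml.split('?>').length - 1;
}

// Constructed inputs: an ordinary URL with a query string, and a value that
// tries to close the instruction and append markup of its own.
const benignUrl = 'https://example.com/sitemap.xsl?v=1&lang=en';
const hostileUrl = 'https://example.com/a.xsl"?><extra attr="1"/><?x y="';

for (const url of [benignUrl, hostileUrl]) {
  const before = unsafeStylesheetPI(url);
  const after = safeStylesheetPI(url);
  console.log('input :', url);
  console.log('unsafe:', before, '| terminators:', countPITerminators(before));
  console.log('safe  :', after, '| terminators:', countPITerminators(after));
}
```

A check like `countPITerminators(output) === 1` works as a regression test for any code path that builds this instruction from caller-supplied values.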
