This is a security update release.
Changed
- XML/HTML entities in attributes will no longer be preserved when rendering (#353)
Fixed
- Fix XSS vulnerability caused by improper preservation of entities when rendering (#353)
Deprecated
- Deprecated the
$preserveEntitesargument ofXml::escape()for removal in the next release (#353)