kc3-lang/md4c

Browse

Commit dec252d4be106093ecce599085d08ef84f84a848

Martin Mitas 2024-01-21T10:39:06

Bump version 0.5.1 and update CHANGELOG.md. 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f91f108..46b1795 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,65 @@
 # MD4C Change Log
 
 
+## Version 0.5.1
+
+Changes:
+
+ * LaTeX math extension (`MD_FLAG_LATEXMATHSPANS`) now requires that opener
+   mark is not immediately preceded with alpha-numeric character and similarly
+   that closer mark is not immediately followed with alpha-numeric character.
+
+   So for example `foo$ x + y = z $` is not recognized as LaTeX equation
+   anymore because there is no space between `foo` and the opening `$`.
+
+ * Table extension (`MD_FLAG_TABLES`) now recognizes only tables with no more
+   than 128 columns. This limit has been imposed to prevent a pathological
+   case of quadratic output size explosion which could be used as DoS attack
+   vector.
+
+ * We are now more strict with `MD_FLAG_PERMISSIVExxxAUTOLINKS` family of
+   extensions with respect to non-alphanumeric characters, with the aim to
+   mitigate false positive detections.
+
+   Only relatively few selected non-alphanumeric are now allowed in permissive
+   e-mail auto-links (`MD_FLAG_PERMISSIVEEMAILAUTOLINKS`):
+     - `.`, `-`, `_`, `+` in user name part of e-mail address; and
+     - `.`, `-`, `_` in host part of the e-mail address.
+
+   Similarly for URL and e-mail auto-links (`MD_FLAG_PERMISSIVEURLAUTOLINKS` and
+   `MD_FLAG_PERMISSIVEWWWAUTOLINKS`):
+     - `.`, `-`, `_` in host part of the URL;
+     - `/`, `.`, `-`, `_` in path part of the URL;
+     - `&`, `.`, `-`, `+`, `_`, `=`, `(`, `)` in the query part of the URL
+       (additionally, if present, `(` and `)` must form balanced pairs); and
+     - `.`, `-`, `+`, `_` in the fragment part of the URL.
+
+   Furthermore these characters (with some exceptions like where they serve as
+   delimiter characters, e.g. `/` for paths) are generally accepted only when
+   an alphanumeric character both precedes and follows them (i.e. these cannot
+   be "stacked" together).
+
+Fixes:
+
+ * Fix several bugs where we haven't properly respected already resolved spans
+   of higher precedence level in handling of permissive auto-links extensions
+   (family of `MD_FLAG_PERMISSIVExxxAUTOLINKS` flags), LaTeX math extension
+   (`MD_FLAG_LATEXMATHSPANS`) and wiki-links extension (`MD_FLAG_WIKILINKS`)
+   of the form `[[label|text]]` (with pipe `|`). In some complex cases this
+   could lead to invalid internal parser state and memory corruption.
+
+   Identified with [OSS-Fuzz](https://github.com/google/oss-fuzz).
+
+ * [#222](https://github.com/mity/md4c/issues/222):
+   Fix strike-through extension (`MD_FLAG_STRIKETHROUGH`) which did not respect
+   same rules for pairing opener and closer marks as other emphasis spans.
+
+ * [#223](https://github.com/mity/md4c/issues/223):
+   Fix incorrect handling of new-line character just at the beginning and/or
+   end of a code span where we were not following CommonMark specification
+   requirements correctly.
+
+
 ## Version 0.5.0
 
 Changes:
diff --git a/CMakeLists.txt b/CMakeLists.txt
index be781e5..1a4be6e 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -4,7 +4,7 @@ project(MD4C C)
 
 set(MD_VERSION_MAJOR 0)
 set(MD_VERSION_MINOR 5)
-set(MD_VERSION_RELEASE 0)
+set(MD_VERSION_RELEASE 1)
 set(MD_VERSION "${MD_VERSION_MAJOR}.${MD_VERSION_MINOR}.${MD_VERSION_RELEASE}")
 
 set(PROJECT_VERSION "${MD_VERSION}")
kmx.io     mail     discord kmxgit v0.4.0