diff options
author | James R. Barlow <james@purplerock.ca> | 2021-03-30 00:04:44 -0700 |
---|---|---|
committer | James R. Barlow <james@purplerock.ca> | 2021-03-30 00:05:53 -0700 |
commit | 391135114fddce6485c15c9ac6086783692782e4 (patch) | |
tree | 3e9db63e5389b01c21ecc980b7d03c44ef261e61 | |
parent | 3f38f73218e5e782fe411ccbb3b44a793c0b343a (diff) |
v2.10.0 release notes
-rw-r--r-- | docs/release_notes.rst | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/docs/release_notes.rst b/docs/release_notes.rst index e624a6e..66aac21 100644 --- a/docs/release_notes.rst +++ b/docs/release_notes.rst @@ -18,6 +18,16 @@ is in production use. Note that the C++ extension module ``pikepdf._qpdf`` is a private interface within pikepdf that applications should not access directly, along with any modules with a prefixed underscore. +v2.10.0 +======= + +- Fixed a XML External Entity (XXE) processing vulnerability in PDF XMP metadata + parsing. (Reported by Eric Therond of Sonarsource.) All users should upgrade + to get this security update. +- Bind new functions to check, when a PDF is opened, whether the password used + to open the PDF matched the owner password, user password, or both: + ``Pdf.user_password_matched`` and ``Pdf.owner_password_matched``. + v2.9.2 ====== |