author: James R. Barlow <james@purplerock.ca> 2021-03-30 00:04:44 -0700
committer: James R. Barlow <james@purplerock.ca> 2021-03-30 00:05:53 -0700
commit: 391135114fddce6485c15c9ac6086783692782e4 (patch)
tree: 3e9db63e5389b01c21ecc980b7d03c44ef261e61
parent: 3f38f73218e5e782fe411ccbb3b44a793c0b343a (diff)
v2.10.0 release notes
-rw-r--r-- docs/release_notes.rst 10
1 files changed, 10 insertions, 0 deletions
diff --git a/docs/release_notes.rst b/docs/release_notes.rst
index e624a6e..66aac21 100644
--- a/docs/release_notes.rst
+++ b/docs/release_notes.rst
@@ -18,6 +18,16 @@ is in production use. Note that the C++ extension module
``pikepdf._qpdf`` is a private interface within pikepdf that applications
should not access directly, along with any modules with a prefixed underscore.
+v2.10.0
+=======
+
+- Fixed a XML External Entity (XXE) processing vulnerability in PDF XMP metadata
+ parsing. (Reported by Eric Therond of Sonarsource.) All users should upgrade
+ to get this security update.
+- Bind new functions to check, when a PDF is opened, whether the password used
+ to open the PDF matched the owner password, user password, or both:
+ ``Pdf.user_password_matched`` and ``Pdf.owner_password_matched``.
+
v2.9.2
======
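Review bot: the security entry that opens the new v2.10.0 section reads "Fixed a XML External Entity", which should be "an XML External Entity", and it gives readers no way to tell which earlier releases are affected or whether an advisory or CVE identifier exists for the fix. Consider naming the affected version range and referencing the advisory if there is one, so that "All users should upgrade" is something a reader can act on when triaging. In the second bullet, "Bind new functions" introduces ``Pdf.user_password_matched`` and ``Pdf.owner_password_matched`` without saying whether they are called or read as attributes, or what they report when the PDF was opened without a password; one clause covering that would save users a trip to the API reference.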