/ 
XML-Atom-0.12
Security Advisories (1)
CVE-2012-1102 (2021-07-09)

It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.

Changes for version 0.12

  • Documentation fixes for XML::Atom::Server. Thanks to Tatsuhiko Miyagawa for the patch.
  • Removed XML::LibXSLT usage. Too much pain for too little gain. To be clear: all it was doing was namespace normalization, so removing it should make no difference.
  • Fixed _utf8_off bug in XML::Atom::Client that causes fatal error in POSTing multibyte content (Tatsuhiko Miyagawa, Masayoshi Sekimura)
  • Added XML::Atom::Thing::add method to allow $entry->add() (Tatsuhiko Miyagawa)

Modules

XML::Atom
Atom feed and API implementation
XML::Atom::Client
A client for the Atom API
XML::Atom::Entry
Atom entry
XML::Atom::Feed
Atom feed
XML::Atom::Person
Author or contributor object
XML::Atom::Server
A server for the Atom API
XML::Atom::Util
Utility functions

Provides

LWP::UserAgent::AtomClient
in lib/XML/Atom/Client.pm
XML::Atom::Content
in lib/XML/Atom/Content.pm
XML::Atom::ErrorHandler
in lib/XML/Atom/ErrorHandler.pm
XML::Atom::Link
in lib/XML/Atom/Link.pm
XML::Atom::Namespace
in lib/XML/Atom.pm
XML::Atom::Thing
in lib/XML/Atom/Thing.pm

Other files