top | item 47202464


fourthark | 1 day ago

Does it fix the security flaws that caused the original project to be shut down?


jawiggins | 1 day ago

Because it was written in C, libxml2's CVE history has been dominated by use-after-free, buffer overflows, double frees, and type confusion. xmloxide is written in pure Rust, so these entire vulnerability classes are eliminated at compile time.

sarchertech | 1 day ago

Only if it doesn’t use any unsafe code, which I don’t think is the case here.

notpushkin | 1 day ago

If by flaws you mean the security researchers spamming libxml2 with low effort stuff demanding a CVE for each one so they can brag about it – no, I don’t think anybody can fix that.

bawolff | 1 day ago

Based on context, I kind of imagine they are more thinking of the issues surrounding libxslt.