XML Security:

• Detect infinite recursion in parameter entities.
• Fix handling of parameter-entity references.
• Disallow namespace nodes in XPointer ranges.
• Fix XPointer paths beginning with range-to.

XML Bug Fixes:

• xmlcatalog: restore ability to query system catalog easily.
• Fix comparison of nodesets to strings.
• Fix XPath stack frame logic.
• Report undefined XPath variable error message.
• Handle more invalid entity values in recovery mode.
• Fix structured validation errors.
• Handle illegal entity values in recovery mode.
• Fix memory leak in nanoftp.
• Fix memory leaks in SAX1 parser.
• Problem resolving relative URIs.
• Fix unwanted warnings when switching encodings.
• Heap-buffer-overflow read of size 1 parsing regular expression character ranges.
• Fix NULL pointer deref in parsing regular expression character escapes.
• Fix infinite loops with push parser in recovery mode.
• Fix NULL deref parsing external character entities.
• Make sure not to call IS_BLANK_CH when parsing the DTD.
• Fix pathological performance when outputting charrefs.
• Fix duplicate SAX callbacks for entity content.
• Treat URIs with scheme as absolute in C14N.
• Fix copy-paste errors in error messages.
• Fix sanity check parsing HTML names.
• Fix potential infinite loop in xmlStringLenDecodeEntities.
• Reset parser input pointers on encoding failure.
• Fix memory leak in xmlParseEntityDecl error path.
• Fix xmlBuildRelativeURI for URIs starting with './'.
• Fix type confusion in xmlValidateOneNamespace.
• Fix memory leak in xmlStringLenGetNodeList.
• Fix NULL pointer deref dumping element content.
• Fix memory leak in xmlBufAttrSerializeTxtContent.
• Stop parser on unsupported encodings.
• Check for integer overflow in memory debug code.
• Fix buffer size checks in xmlSnprintfElementContent.
• Avoid reparsing in when parsing start tags.
• Fix regular expression undefined behavior.
• Check XPath exponents for overflow.
• Check XPath prosition predicate for overflow.
• Fix spurious error message.
• Fix memory leak in xmlCanonicPath.
• Fix memory leak comparing node set values.
• Fix memory leak in pattern error path.
• Fix memory leak in parser error path.
• Fix memory leaks in XPointer error paths.
• Fix memory leak merging node sets.
• Fix memory leak in XPath filter optimizations.
• Fix memory leaks in XPath error paths.
• Do not leak the new CData node if adding fails.
• Prevent unwanted external entity reference.
• Increase buffer space for port in HTTP redirect support.
• Fix format string warnings.
• Disallow namespace nodes in XPointer points.
• Fix comparison with root node in xmlXPathCmpNodes.
• Fix attribute decoding during XML schema validation.
• Fix NULL pointer deref in XPointer range-to.

XML Improvements:

• Add const in five places to move 1 KiB to .rdata.
• Get rid of “blanks wrapper” for parameter entities.
• Simplify handling of parameter entity references.
• Make HTML parser functions take const pointers.
• Rework entity boundary checks.
• Don't switch encoding for internal parameter entities.
• Initialize keepBlanks in HTML parser.
• Remove useless check in xmlParseAttributeListDecl.
• Allow zero sized memory input buffers.
• Check for integer overflow converting numbers to string representations.
• Simplify control flow parsing XML start tags.
• Parse small XPath numbers more accurately.
• Rework XPath rounding functions.
• Fix axis traversal from attribute and namespace nodes.
• Check for trailing characters in XPath expressions earlier.
• Rework final handling of XPath results.
• Make xmlXPathEvalExpression call xmlXPathEval.

XSLT Bug Fixes:

• Fix NULL deref in xsltDefaultSortFunction.
• Fix memory hazards in EXSLT function evaluation.
• Fix memory leaks in EXSLT error paths.
• Fix memory leak in str:concat with empty node-set.
• Fix memory leaks in error paths.
• Fix NULL pointer deref in XSLT format number function.
• Fix UTF-8 check in str:padding.
• Check for overflow parsing year without time zone.
• Fix double to int conversion.
• Check for overflow parsing duration strings.
• Disable xsltCopyTextString optimization for extensions.
• Create DOCTYPE for HTML version 5.
• Make xsl:decimal-format work with namespaces.
• Remove the norm:localTime extension function. It was non-standard, undocumented and used a custom date format.
• Check for integer overflow adding text to text nodes.
• Detect infinite recursion when evaluating function arguments.
• Fix memory leak in the the element-available() XSLT function.
• Fix for pattern predicates calling functions.
• Fix heap overread in in the format-number() XSLT function.
• Fix <xsl:number level=“any”/> for non-element nodes.
• Fix unreachable code adding a child node.
• Change version number in xsl:version warning.
• Avoid infinite recursion after failed param evaluation.
• Stop if potential recursion is detected.
• Consider built-in templates in apply-imports.
• Fix precedence with multiple attribute sets.
• Rework attribute set resolution.

XSLT Improvements:

• New-line terminate error message that missed this convention.
• Use xmlBuffers in EXSLT string functions.
• Switch to xmlUTF8Strsize in EXSLT string functions.
• Check for return value of xmlUTF8Strlen.
• Avoid double/long round trip formating an item number.
• Separate date and duration structs.
• Check for overflow in calculating date differences.
• Clamp seconds field of durations.
• Fix date:difference with time zones.
• Change internal representation of years.
• Optimize leap year calculation.
• Make some symbols static.
• Remove redundant NULL check in XSLT number node processing.
• Fix forwards compatibility for imported stylesheets.
• Reduce warnings in forwards-compatible mode.
• Precompute XSLT elements after preprocessing.
• Fix whitespace scanning the top level elements of an XSL stylesheet.
• Consolidate recursion checks.
• Treat XSLT_STATE_STOPPED as errors.
• Make sure that XSLT_STATE_STOPPED isn't overwritten.
• Rewrite memory management of local RVTs.
• Validate QNames of attribute sets.
• Ignore imported stylesheets when applying xsl:use-attribute-sets.

• Support Delphi 10.2 Tokyo Win32 and Win64.

XML Bug Fixes:

• More format string warnings with possible format string vulnerability.
• Avoid building recursive entities.
• Fix buffer overreads, underreads, and use after free.
• Detect change of encoding when parsing HTML names.
• Fix inappropriate fetch of entities content.
• Avoid an out of bound access when serializing malformed strings.
• Integer overflow parsing port number in URI.
• Fix error with regexp on nullable counted char transition.
• Fix memory leak with XPath namespace nodes.
• Fix namespace axis traversal.
• Fix nil pointer dereference in documents with no root element.
• Fix XSD validation of URIs with ampersands.
• Fix namespace::node() XPath expression.
• Fix parsing of NCNames in XPath.
• Normalize string-based datatype value in RelaxNG facet checking.

XSLT Bug Fixes:

• date:add(): Keep timezone & fix buffer overflow.
• Fix saxon:line-number() with namespace nodes.
• Fix dyn:map() with namespace nodes.
• Fix error handling in Saxon extension functions.
• Fix double free in hash functions.
• Fix multiple possible nil pointer dereferences.
• Detect attribute sets recursions in more cases.
• Check name vales for attribute-set elements to avoid an indefinite loop.

XSLT Improvements:

• Fix xsl:number() lower and upper bound for format token “i”.
• Fix xsl:number() lower bound for format token “a”.
• Handle negative xsl:number() values.
• Round xsl:number() values to nearest integer.
• Allow {URI}NCName syntax for user parameters.
• Fix error messages for unsupported methods.

• Support Delphi 10.1 Berlin Win32 and Win64.

XML Security Fixes:

• Prevent buffer overead with HTML parser in push mode.
• Fix memory access error due to incorrect entities boundaries.
• Avoid internal state error when growing the parser buffer.
• Use a common function to stop the parser on error more consistently.
• Fix an entity expansion issue.
• Avoid heap buffer overflow.
• Avoid processing entities after encoding conversion failures.
• Enforce the reader to run in constant memory.
• Cleanup conditional section error handling.
• Stop parsing on entities boundaries errors.

XML Bug Fixes:

• Bug on creating new stream from entity.
• Do not print error context when there is none.
• Avoid extra processing of MarkupDecl when EOF.
• Fix parsing short unclosed comment uninitialized access.
• Add missing Null check.
• Fix a bug in CData error handling in the push parser.
• Fix a bug on name parsing at the end of current input buffer.
• Fix the spurious ID already defined error.
• Fix previous change to node sort order.
• Fix a self assignment issue.
• Fail parsing early on if encoding conversion failed.
• Do not process encoding values if the declaration if broken.
• Make xmlMemUsed and xmlMemBlocks thread-safe.
• Fix support for except in nameclasses.
• Fix order of root nodes.
• Allow attributes on descendant-or-self axis.
• Fix timsort invariant loop re: Envisage article.
• Remove various unused value assignments.
• Revert “Missing initialization for the catalog module”.

XML Improvements:

• Recover unescaped less-than character in HTML recovery parsing.
• Allow HTML serializer to output HTML5 DOCTYPE.

XSLT Bug Fixes:

• Properly initialize EXSLT month and day to 1.
• Fix various potential nil-pointer dereferences.
• Fix xsltNumberFormat memory leak.
• Check that a parent node is an element before dereferencing its namespace to fix type confusion in preprocessing attributes.
• Check name vales for attribute-set elements and recursion.

XSLT Improvements:

• Use hash table to look up named templates. For big XSLTs (>50000 templates), this results in a huge improvement of the compilation time.

• Support Delphi 10 Seattle Win32 and Win64.

• Add support for Delphi XE8 Win32 and Win64.

• Support element node traversal in document fragments.
• Add missing NULL checks that could cause an AV if a pointer was dereferenced.
• Correct structured error column when skipping white space and parsing attribute values & end tags.
• Fix a problem properly saving URIs.
• Fix Enum check and missing break.
• Fix possible HTML parser overflow reading the document encoding.
• Fix memory leak in xmlNanoFTPConnect.
• Fix parser bug on misformed namespace attributes.
• Fix parser error on repeated recursive entity expansion containing <.
• Correctly release Windows Critical sections in xmlRMutexLock and xmlRMutexUnlock.
• Fix parser memory leak xml reading an encoding header field with XML_PARSE_IGNORE_ENC.
• Fix XSLT str:align with UTF-8 strings.

• Support Delphi XE7 Win32 and Win64.

• Backward incompatibility change: Remove the EXSLT str:replace() function. It is broken and can not be fixed with the current design of the library.
• Add EXSLT math functions math:abs(), math:sqrt(), math:power(), math:log(), math:sin(), math:cos(), math:tan(), math:asin(), math:acos(), math:atan(), math:atan2(), math:exp().
• Fix nearly 100 bugs in XML, XSLT and EXSLT.
• Documentation improvements.

• Support Delphi XE6 Win32 and Win64.
• Mark xmlXPathEvalExpression as deprecated in favor of xmlXPathEval.
• Add XPath to DIXml_Canonicalization demo.
• Improve XPath documentation.

• Fix interface of xmlC14NDocSaveTo, xmlC14NDocDumpMemory, xmlC14NDocSave, and xmlC14NExecute. They all used xmlCharPtr where xmlCharPtrArrayPtr was required.
• Fix interface of htmlNodeDumpOutput and htmlNodeDumpFormatOutput. They both used xmlDocPtr where xmlNodePtr was required.
• New DIXmlUtils unit with various utility functions.
• Add new DIXml_Canonicalization demo.
• Largely extend and improve documentation.

• Support Delphi XE5 Win32 and Win64.

• Support Delphi XE4 Win32 and Win64.

• Add xmlXPathSetContextNode and xmlXPathNodeEval. They make it easier to evaluate XPath expressions with a context node other than the document root without poking about inside the internals of the context.
• Do not URI escape server side includes when dumping an HTML attribute.
• Fix an error in xmlCleanupParser.
• Improve the hashing functions.
• Improve handling of xmlStopParser: Add XML_ERR_USER_STOP error code and try to stop parsing as quickly as possible.
• Remove risk of lockup if xmlInitializeDict was called by two threads concurrently. Initialization is now automatic and xmlInitializeDict deprecated.
• Activate detection of encoding in external subset.
• Fix an output buffer flushing conversion bug.
• Fix an old bug in xmlSchemaValidateOneElement.
• Fix schema validation in combination with xsi:nil.
• xmlCtxtReadFile now works with literal IPv6 URLs.
• Detect excessive entities expansion upon replacement. If entities expansion in the XML parser is asked for, it is possble to craft relatively small input document leading to excessive on-the-fly content generation. Now account for those replacement and stop parsing after a given threshold. It can be bypassed as usual with the XML_PARSE_HUGE parser option.
• Fix the flushing out of raw buffers on encoding conversions.
• Fix some buffer conversion issues.
• When calling xmlNodeDump make sure the buffer grows quickly using a double-it scheme.
• Try IBM-037 when looking for EBCDIC character encoding handlers.
• Fix potential out of bound access parsing attribute values.
• Fix large parse of file from memory.
• Fix a bug in the XML_PARSE_NSCLEAN option of the parser.
• Fix a regression breaking validation while streaming.
• Cache presence of '<' in entities content.
• Avoid extra processing on entities: If an entity has already been checked for correctness do not check it again on every reference.

XML Bug Fixes

• Fix a regression in breaking validation while streaming.
• Fix a bug in the nsclean option of the parser.
• Fix large parse of file from memory.
• Fix potential parser out of bound access.
• Try IBM-037 when looking for EBCDIC handlers.

XSLT Bug Fixes

• Fix generate-id() to avoid generating the same ID.
• Fix crash with empty xsl:key/@match attribute.
• Crash when passing an uninitialized variable to document().
• Fix regression: Default namespace not correctly used.

• Support Delphi XE3 Win32 and Win64.

XML New Features

• A few new API entry points,
• More resilient push parser mode.
• Faster XPath evaluation

XML Improvements

• Allow to set the quoting character of an xmlTextWriter.
• Keep non-significant blanks node in HTML parser.
• Add a forbidden variable error number and message to XPath.
• Support long path names on WNT.
• Improve HTML escaping of attribute on output.
• Switching XPath node sorting to Timsort.
• Optimizing '//' in XPath expressions.
• Expose xmlBufShrink in the public tree API.
• Visible HTML elements close the head tag.
• Fix file and line report for XSD SAX and reader streaming validation.
• Fix const qualifyer to definition of xmlBufferDetach.
• Add support for big line numbers in error reporting.
• Deprecate xmlBuffer for serialization and use the new xmlBuf instead.
• Improve compatibility between xmlBuf and xmlBuffer.
• New xmlOutputBuffer accessors xmlOutputBufferGetContent and xmlOutputBufferGetSize.
• Improvements for old buffer compatibility.
• Improve error reporting on parser errors.
• Implement some default limits in the XPath module.
• Introduce some default parser limits.
• Cleanups and new limit APIs for dictionaries.
• Cleanup URI module memory allocation code.
• Impose a reasonable limit on PI size.
• Avoid quadratic behaviour in some push parsing cases.
• Impose a reasonable limit on comment size.
• Impose a reasonable limit on attribute size.
• Cleanup function xmlBufResetInput.
• xmlTextReader bails too quickly on error.
• Use a hybrid allocation scheme in xmlNodeSetContent.
• Use buffers when constructing string node lists.
• Add HTML parser support for HTML5 meta charset encoding declaration.
• Wrong message for double hyphen in comment XML error.
• Add function xmlTextReaderRelaxNGValidateCtxt.
• Add hash randomization to hash and dict structures.
• Improve the error report on undefined REFs.
• Add exception for new W3C PI xml-model.
• Add options to ignore the internal encoding.

XML Bug Fixes

• Change the XPath code to percolate allocation errors.
• Fix reuse of xmlInitParser.
• Fix potential crash on entities errors.
• Fix the XPath arity check to also check the XPath stack limits.
• Fix problem with specific and generic error handlers.
• Avoid a potential infinite recursion.
• Fix an XSD error when generating internal automata.
• Patch for xinclude of text using multibyte characters.
• Fix a segfault on XSD validation on pattern error.
• Add a missing element check.
• Adding various checks on node type though the API.
• Namespace nodes can't be unlinked with xmlUnlinkNode.
• Fix make dist to include new private header files.
• More fixups on the push parser behaviour.
• Strengthen behaviour of the push parser in problematic situations.
• Enforce XML_PARSER_EOF state handling through the parser.
• Fixup limits parser.
• Do not fetch external parsed entities.
• Fix entities local buffers size problems.
• Fix parser local buffers size problems.
• Fix a failure to report xmlreader parsing failures.
• Fix a race in xmlNewInputStream.
• Fix weird streaming RelaxNG errors.
• HTML parser error with <noscript> in the <head>.
• XSD: optional element in complex type extension.
• Fix HTML serialization error and htmlSetMetaEncoding.
• xinclude with parse=“text” does not use the entity loader.
• Allow to parse 1 byte HTML files.
• Patch that fixes the skipping of the HTML_PARSE_NOIMPLIED flag.
• Avoid memory leak if xmlParserInputBufferCreateIO fails.
• Prevent an infinite loop when dumping a node with encoding problems.
• HTML element position is not detected propperly.
• Fix a problem with entities in SAX mode.
• Fix SAX2 builder in case of undefined attributes namespace.
• Fix SAX2 builder in case of undefined element namespaces.
• Fix a pair of possible out of array char references.
• Fix an allocation error when copying entities.
• Make sure the parser returns when getting a Stop order.
• Fix some potential problems on reallocation failures.
• Fix a schema type duration comparison overflow.
• Fix an unimplemented part in RNG value validation.
• Fix missing error status in XPath evaluation and harden XPath evaluation.
• Fix an off by one error in encoding.
• Fix RELAX NG include bug.
• Fix XSD validation bug..
• Fix some potential problems on reallocation failures.
• Fix use of the structured callback channel and its data initialization.
• Fix memory corruption when parsing a balanced chunk.
• Fix a potential freeing error in XPath.
• Fix a potential memory access error.

XSLT Improvements

• Add the saxon:systemId extension.
• Add an append mode to document output.
• Allow per-context override of xsltMaxDepth, introduce xsltMaxVars.
• Precompile patterns in xsl:number.

XSLT Bug fixes

• Report errors on variable use in key.
• Fix handling of names in xsl:attribute.
• Reserved namespaces in xsl:element and xsl:attribute.
• Null-terminate result string of cry:rc4_decrypt.
• EXSLT date normalization fix.
• Exit after compilation of invalid func:result.
• Fix for EXSLT func:function.
• Rewrite EXSLT string:replace to be conformant.
• Avoid a heap use after free error.
• Fix a dictionary string usage.
• Output should not include extraneous newlines when indent is off.
• document('') fails to return stylesheets parsed from memory.
• Forwards-compatible processing of unknown top level elements.
• Fix system-property with unknown namespace.
• Hardening of code checking node types in EXSLT.
• Hardening of code checking node types in various entry point.
• Fix default template processing on namespace nodes.
• Fix a bug in selecting XSLT elements.
• Fix some case of pattern parsing errors.
• Fix a memory leak with xsl:number.
• Fix a problem with ESXLT date:add.
• Fix a memory leak if compiled with Windows locale support.
• Fix generate-id.
• Fix curlies support in literals for non-compiled AVTs.
• Allow whitespace in xsl:variable with select.
• Small fixes to locale code.
• Fix popping of vars.
• Fix direct pattern matching bug.

• Support Delphi XE2 Win64.

• Support Delphi XE2 Win32.
• Enable XSLT debugger (xsltSetDebuggerStatus, xsltSetDebuggerCallbacks): See DIXml_XSLT_Tutorial demo for an example implementation.

• Enable locale support so that Windows API string comparison functions may be used for XSLT sorting if available.
• Various XSLT fixes and improvements.
• Add an HTML parser option to avoid a default doctype.
• Disable an over-optimization which caused an AV when processing floating point numbers.
• Fix potential memory leak in XPath
• Fix potential memory curruption in XML parser and XPath.
• Various other fixes for XPath, HTML parser, iso995 encoding, and more.

• Delphi XE support.
• Some additions and corrections to demos projects and help.

• Fix broken escape behaviour in regexp ranges.
• ChunkParser: Incorrect decoding of small xml files.
• Fixed HTML encoding detection.
• Fix encoding selection for xmlParseInNodeContext.
• Fix xmlPreviousElementSibling mistake.
• Fix xmlParseInNodeContext for HTML content.
• Fix lost namespace when copying node.
• Recognize ID attribute in HTML without DOCTYPE.
• Fix memory leak in xmlXPathEvalExpression.
• Don't give default HTML boolean attribute values in parser.
• xmlCtxtResetLastError should reset ctxt-errNo.
• Completely revised the help generator to ease navigation and improve readability. Send your feedback!

• Switch parser to XML-1.0 5th edition, add parsing flag XML_PARSE_OLD10 for old versions.
• Switch URI parsing to RFC 3986.
• Improve handling of misplaced html/head/body in HTML parser.
• Improve xmlSave…() functions to handle HTML documents and trees.
• Performance improvements, for example when the encoder can not serialize characters on output.
• Numerous bug fixes: Realloc problems, potential double frees, and access violations.

• Delphi 2010 support.
• Improvements and bug fixes to the demo projects.

• Delphi 2009 support.

XSLT bug fixes:

• Pattern compilation.
• Key initialization.
• Processing of top level elements of stylesheets which are not in the XSLT namespace and are not an extension either.

• Fix several bugs and potential memory leaks, including a missing check in UTF-8 decoding.
• Improved HTML parsing.
• First sketch of new DIXmlConverters unit with additional conversion functions based on the DIConverters] library.
• Better demo projects: Several problems corrected, better code documentation.

• Build libxml with LIBXML_THREAD_ENABLED defined.
• Add interface for thread handling.
• Add interface for global variables and thread handling of those variables.

• Add XSLT documents and variables APIs.
• Further API improvements, fixes, and documentations.
• Add to all demo projects proper initialize and finalize code for global XML and XSLT variables.
• Add character encoding options to DIXml_XSLT_Browser demo.
• New DIXml_xmlOuputBuffer_WideString demo project to demonstrate how to use the xmlOutputBuffer API interface to serialize an XML document straight into a Delphi WideString.
• New DIXml_XSLT_WideString demo project to show XSLT transformation with optimized WideString document loading and saving.

• Do not crash xmlMemFree() when passing a nil pointer.
• Fix XML saving to avoid a crash when dumping an attribute from an XHTML document.
• Enhance nanohttp to include port number (if not = 80) on the “Header:” URL
• Fix a regular expression range bug and correct a typo which resulted in a warning.
• Fix EXSLT extension week-in-year result which did not conform to the specification.
• Remove some unused code. This slightly decreases the library size.
• Add schema validation demo based on xmlTextReader.

• Fix internal library string to floating point conversion which surfaced when testing the XML schema validation.

• Add XML schema validation interfaces and demo.

• XML fixes (libxml 2.6.30):
  • Windows path handling.
  • xmlXPathNodeSetSort problem.
  • leak when reusing a writer for a new document.
  • Schemas xsi:nil handling patch.
  • relative URI build problem.
  • crash in xmlDocFormatDump.
  • invalid char in comment detection bug.
  • disparity with xmlSAXUserParseMemory.
  • automata generation for complex regexp counts problems.
  • Schemas IDC import problems.
  • xpath predicate evailation error handling.
• XSLT fixes (libxslt 1.1.22):
  • RVT cleanup problems
  • exclude-result-prefix bug
  • stylesheet compilation error handling
• Interface the global variables xmlTreeIndentString and xmlSaveNoEmptyTags.
• New NameSpace demo project.

• Update embedded libxml2 to version 2.6.29 and libxslt to version 1.1.21.
• Add HTTP and FTP input/output support.
• Add interface for canonicalization (xmlC14N… functions and procedures).
• Add interface for catalog (xmlCatalog… functions and procedures).
• Add interface for HTML tree output (various html… functions and procedures).
• Add interface for lists (xmlList… functions and procedures).
• Add interface for SAX (deprecated, legacy only).
• Add interface for SAX2 (xmlSAX2… functions and procedures).
• Add interface for Schematron (xmlSchematron… functions and procedures).
• Add interface for Save (xmlSave… functions and procedures).
• Add interface for XPointer (xmlXPtr … functions and procedures).
• Add interface for Unicode character classes (xmlUCSIs… functions).
• Add other interface parts, plus a few fixes.
• Fix: Unrecognized end of file could result in endless loop.
• Documentation updates.

• First public release.