Release v2.9.14

  • [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer
  • Fix potential double-free in xmlXPtrStringRangeFunction
  • Fix memory leak in xmlFindCharEncodingHandler
  • Normalize XPath strings in-place
  • Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars() (David Kilzer)
  • Fix leak of xmlElementContent (David Kilzer)

Bug fixes

  • Fix parsing of subtracted regex character classes
  • Fix recursion check in xinclude.c
  • Reset last error in xmlCleanupGlobals
  • Fix certain combinations of regex range quantifiers
  • Fix range quantifier on subregex


  • Fix recovery from invalid HTML start tags

Build system, portability

  • Define LFS macros before including system headers
  • Initialize XPath floating-point globals
  • configure: check for icu DEFS (James Hilliard)
  • produce tar.xz only (GNOME policy) (David Seifert)
  • Fix build with older Python versions
  • Fix --without-valid build