Skip to content

Releases: kivikakk/comrak

v0.23.1-pre.3

01 May 20:06
Compare
Choose a tag to compare

v0.23.1-pre.2

01 May 19:58
Compare
Choose a tag to compare

What's Changed

Full Changelog: 0.23.0...v0.23.1-pre.2

0.23.0

29 Apr 14:51
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: 0.22.0...0.23.0

0.22.0

29 Mar 23:19
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: 0.21.0...0.22.0

0.21.0

25 Jan 10:46
Compare
Choose a tag to compare

What's Changed

Full Changelog: 0.20.0...0.21.0

0.20.0

29 Nov 05:03
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: 0.19.0...0.20.0

0.19.0

03 Oct 06:12
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: 0.18.0...0.19.0

0.18.0

31 Mar 10:12
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: 0.17.1...0.18.0

0.17.1

28 Mar 03:23
Compare
Choose a tag to compare

What's Changed

  • Fix some panics found by trivial fuzzing.

Full Changelog: 0.17.0...0.17.1

0.17.0

28 Mar 01:15
Compare
Choose a tag to compare

What's Changed

This contains some breaking changes from an API point of view, but output is largely unchanged. Spec compliance is improved, and benchmark runtime is over 20% faster.

  • SECURITY: GHSA-8hqf-xjwp-p67v / Quadratic runtime when parsing Markdown (GHSL-2023-047)
    • A variety of quadratic runtime issues that could lead to DoS were reported and addressed.
    • We replaced pest with an re2c-based scanner.
  • SECURITY: GHSA-xxmq-4vph-956w / Excessive output when parsing Markdown (GHSL-2023-048)
    • Reference output is limited to 100Kb.
  • SECURITY: GHSA-5r3x-p7xx-x6q5 / Attacker controlled data in AST nodes is not validated (GHSL-2023-049)
    • AST nodes no longer store raw Vec<u8>s, and instead store Strings.
  • Various API points were cleaned up.
  • Comrak now targets Rust 2018.
  • Add footnote attributes that mirror cmark-gfm by @digitalmoksha in #273
  • Add support for full_info_string render option by @digitalmoksha in #276
  • chore: improve debug performance by @conradludgate in #283

Many thanks to @philipturnbull and @darakian of the GitHub Security Lab for bringing these issues to my attention and detailing the reproduction steps for each case.

New Contributors

Full Changelog: 0.16.0...0.17.0