Security Advisories (1)
CVE-2012-1102 (2021-07-09)

It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.

Changes for version 0.05

  • BACKWARDS INCOMPATIBILITY: Removed XML::Atom::Entry::get_links and XML::Atom::Feed::get_links, in favor of new link() method in both classes, which returns a list of XML::Atom::Link objects. Also, add_link() now expects an XML::Atom::Link object instead of a hash reference.
  • BACKWARDS INCOMPATIBILITY: Renamed XML::Atom::API to XML::Atom::Client.
  • Added XML::Atom::Link, an encapsulation of the <link> tag in a feed or an entry.
  • Added XML::Atom::Server, an implementation of an Atom core server (to be subclassed for implementation-specific methods).
  • Fixed feed auto-discovery to work with all client tests at http://diveintomark.org/tests/client/autodiscovery/
  • Added (and documented) XML::Atom::Feed->find_feeds, to return all of the Atom feed URIs on a page given a URI.
  • Fixed issue with PasswordDigest in API (use sha(), not hex(sha()) for generating password digest).
  • Stream parameter to XML::Atom::Entry::new and XML::Atom::Feed::new is now optional; if passed only one parameter, it's assumed to be the Stream parameter.
  • Fixed bug in XML::Atom::Content::as_xml (it didn't work).

Modules

Atom feed and API implementation
A client for the Atom API
Atom entry
Atom feed
Author or contributor object
A server for the Atom API
Utility functions

Provides

in lib/XML/Atom/Content.pm
in lib/XML/Atom/ErrorHandler.pm
in lib/XML/Atom/Link.pm
in lib/XML/Atom.pm
in lib/XML/Atom/Thing.pm