EpubCheck version 4.0.2 is now available:
https://github.com/IDPF/epubcheck/releases
Quote:
EpubCheck 4.0.2 is a maintenance release of the EPUB conformance checker.
Important security fix
This version includes a fix for a critical security vulnerability (CVE-2016-9487) which may, under some circumstances, enable a remote attacker to access arbitrary files on the system where EpubCheck is running.
All users should update to EpubCheck 4.0.2 as soon as possible.
Special thanks to Craig Arendt for having identified the vulnerability and disclosed it privately to EpubCheck's team.
Enhancements
#673 – Enhanced XML report output:
#486 – @subMessage and @severity attributes on <message> element
#517 – Include list of all resources + media types
#670 – Fix illegal characters in XML output
#657 – New method Archive.createArchive(File) to specify file paths when using this in 3rd party tools
Bug fixes
Fix for critical vulnerability CVE-2016-9487
#689 – Fix for unclosed ImageInputStreams on image file validation
#678 – Clarify ACC-009 message: 'alt' -> 'alttext' attribute
#686 – Make BitmapChecker.ImageHeuristics a public object
#711 – Bugfix for false positive error messages due to locale settings
See the details in the list of issues closed since the last public release.