Update to 2.15.2

Author: kiyolee

NEWS

@@ -1,5 +1,87 @@
 NEWS file for libxml2
 
+v2.15.2: Mar 03 2026
+
+### Security
+
+- CVE-2026-1757 fix: Memory leak in xmllint Shell - shell.c
+- CVE-2026-0990 fix: Prevent infinite recursion in
+  xmlCatalogListXMLResolve
+- CVE-2026-0992 fix: Exponential behavior when handling
+- parser: Fix infinite loop in xmlCtxtParseContent
+- CVE-2025-10911 libxslt related: Ignore next/prev of documents when
+  traversing XPath
+- CVE-2026-0989 fix: Add RelaxNG include limit
+- xmlIO: use size_t for buffer size reallocation
+- uri: fix signed integer overflow in xmlBuildRelativeURISafe
+- schematron: fix memory leaks on error paths in xmlSchematronParseRule
+- catalog: fix stack overflow from self-referencing SGML CATALOG entries
+
+### Improvements
+
+- fuzz: Make fuzzy encoding match more lenient
+- Fix C14N type confusion
+- meson: Fix build with Meson < 1.3
+- xmllint: Use zlib directly
+- xmllint: New option to separate xpath results using null, --xpath0
+- autotools: Make valgrind actually check for leaks
+- meson: Add valgrind test setup
+- Fix xmlOutputBufferGetContent output when encoder is set
+- threads: don't force _WIN32_WINNT to Vista if it's set to a higher value
+- dist: Add generated documentation to the dist as "dist-doc" folder
+  to simplify downstream packaging of doc
+- Fix xmlRemoveEntity removing from wrong hash table
+- use duplicating variant in relaxng to mitigate UAF
+- Fix memory leak in xmlTextWriterStartAttributeNS on OOM
+- meson: remove hardcoded buildtype=debug default
+- Fix memory leak of prefix in xmlTextWriterStartElementNS()
+- writer: Add a few extra NULL checks to avoid memory leaks on corrupt
+  writer path.
+
+### Thanks
+
+Thanks to the following new contributors:
+
+- gabriel desharnais
+- Herman Semenoff
+- Iván Chavero
+- Jayakrishna Menon
+- Michael Heilmann
+- Michal Privoznik
+- Nathan
+- Peter Fordham
+- Petr Simecek
+- Sandino Araico Sanchez
+- Stéphane Cerveau
+- Steve Lhomme
+- Trevor Gamblin
+- ylwango613
+- Yun
+
+### Full list of commits and contributors on this release
+
+15  Daniel Garcia Moreno
+ 5  ylwango613
+ 4  Peter Fordham
+ 4  Nick Wellnhofer
+ 2  Michal Privoznik
+ 2  Iván Chavero
+ 1  gabriel desharnais
+ 1  Yun
+ 1  Trevor Gamblin
+ 1  Stéphane Cerveau
+ 1  Steve Lhomme
+ 1  Sandino Araico Sanchez
+ 1  Petr Simecek
+ 1  Niels Dossche
+ 1  Nathan
+ 1  Mike Dalessio
+ 1  Michael Heilmann
+ 1  Jayakrishna Menon
+ 1  Herman Semenoff
+ 1  Benjamin Gilbert
+
+
 v2.15.1: Oct 16 2025
 
 ### Regressions

README.libxml2.md

@@ -21,11 +21,29 @@ This code is released under the MIT License, see the Copyright file.
 
 ## Security
 
-This is open-source software written by hobbyists, maintained by a single
-volunteer, badly tested, written in a memory-unsafe language and full of
-security bugs. It is foolish to use this software to process untrusted data.
-As such, we treat security issues like any other bug. Each security report
-we receive will be made public immediately and won't be prioritized.
+This is open-source software written by hobbyists and maintained by
+volunteers.
+
+It's NOT recommended to use this software to process **untrusted data**.
+There is a lot of ways that a malicious crafted xml could exploit a
+hidden vulnerability in the software.
+
+The software is provided "as is", without warranty of any kind,
+express or implied. Use this software at your own risk.
+
+To **report security bugs**, you can create a confidential issue with
+the "security" label. We will review and work on it as a best effort.
+But remember that this is a community project, maintained by volunteer
+developers, so if you are concern about any important security bug
+that's critical for you, feel free to collaborate and provide a patch.
+
+The main rule is to be kind. Do not pressure developers to fix a CVE
+or to work on a functionality that you need, because that won't work.
+This is a community project, developers will work in the issues that
+they consider interesting and when they want. All contributions are
+welcome, so if something is important for you, you can always get
+involved, implement it yourself and be part of the open source
+community.
 
 ## Build instructions
 

README.md

@@ -2,7 +2,7 @@
 
 libxml2 Windows build with Visual Studio.
 
-This version is libxml2-2.15.1.
+This version is libxml2-2.15.2.
 
 To build, simply open the required solution file, and
 you know how to use Visual Studio, right?

THIS_VERSION_IS_2.15.1 THIS_VERSION_IS_2.15.2THIS_VERSION_IS_2.15.1 renamed to THIS_VERSION_IS_2.15.2

@@ -1 +1 @@
-2.15.1
+2.15.2

VERSION

@@ -8,6 +8,9 @@ EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libxml2-static-for-dll", "libxml2-static-for-dll\libxml2-static-for-dll.vcproj", "{8A8D78A8-B79C-49C3-8BB4-F98A034A7950}"
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "tests", "tests", "{2852A29E-A52C-45B0-ADAB-D71F72BC7747}"
+	ProjectSection(SolutionItems) = preProject
+		tests\testcatalog\testcatalog.vcproj = tests\testcatalog\testcatalog.vcproj
+	EndProjectSection
 EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "runsuite", "tests\runsuite\runsuite.vcproj", "{58998B68-394A-43A9-8709-878B75187283}"
 	ProjectSection(ProjectDependencies) = postProject
@@ -84,6 +87,11 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testparser", "tests\testpar
 		{18397431-727F-4081-A7E0-A41C2019435E} = {18397431-727F-4081-A7E0-A41C2019435E}
 	EndProjectSection
 EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testcatalog", "tests\testcatalog\testcatalog.vcproj", "{A4DDDD7A-99EF-4FF2-83FC-F74F7C6006AA}"
+	ProjectSection(ProjectDependencies) = postProject
+		{18397431-727F-4081-A7E0-A41C2019435E} = {18397431-727F-4081-A7E0-A41C2019435E}
+	EndProjectSection
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Win32 = Debug|Win32
@@ -236,6 +244,14 @@ Global
 		{58FA4B95-40F0-449B-AA85-57EBEEA933A8}.Release|Win32.Build.0 = Release|Win32
 		{58FA4B95-40F0-449B-AA85-57EBEEA933A8}.Release|x64.ActiveCfg = Release|x64
 		{58FA4B95-40F0-449B-AA85-57EBEEA933A8}.Release|x64.Build.0 = Release|x64
+		{A4DDDD7A-99EF-4FF2-83FC-F74F7C6006AA}.Debug|Win32.ActiveCfg = Debug|Win32
+		{A4DDDD7A-99EF-4FF2-83FC-F74F7C6006AA}.Debug|Win32.Build.0 = Debug|Win32
+		{A4DDDD7A-99EF-4FF2-83FC-F74F7C6006AA}.Debug|x64.ActiveCfg = Debug|x64
+		{A4DDDD7A-99EF-4FF2-83FC-F74F7C6006AA}.Debug|x64.Build.0 = Debug|x64
+		{A4DDDD7A-99EF-4FF2-83FC-F74F7C6006AA}.Release|Win32.ActiveCfg = Release|Win32
+		{A4DDDD7A-99EF-4FF2-83FC-F74F7C6006AA}.Release|Win32.Build.0 = Release|Win32
+		{A4DDDD7A-99EF-4FF2-83FC-F74F7C6006AA}.Release|x64.ActiveCfg = Release|x64
+		{A4DDDD7A-99EF-4FF2-83FC-F74F7C6006AA}.Release|x64.Build.0 = Release|x64
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -256,5 +272,6 @@ Global
 		{F4ACFCBF-3CCF-471E-BD54-3BECF8E39A46} = {2852A29E-A52C-45B0-ADAB-D71F72BC7747}
 		{74B1EC20-670B-45BF-9683-EE0D40C661DD} = {2852A29E-A52C-45B0-ADAB-D71F72BC7747}
 		{58FA4B95-40F0-449B-AA85-57EBEEA933A8} = {2852A29E-A52C-45B0-ADAB-D71F72BC7747}
+		{A4DDDD7A-99EF-4FF2-83FC-F74F7C6006AA} = {2852A29E-A52C-45B0-ADAB-D71F72BC7747}
 	EndGlobalSection
 EndGlobal