Libxml2 Becomes Officially Unmaintained After Maintainer Steps Down (de facto standard XML and HTML parsing library)

[rte66]

Libxml2 Becomes Officially Unmaintained After Maintainer Steps Down

Libxml2 is now officially unmaintained after its long-time maintainer stepped down, leaving the widely used XML library without active development.

linuxiac.com

I checked my filesystem and I have this in my stock FreeBSD 4.3 system. The article said this is a huge core library on a lot of systems. The article also describes security issues.

Quote from article: "First, libxml2 is the de facto standard XML and HTML parsing library in the open-source world."

Is this libxml2 library the same one that is in FreeBSD?

 

[Jose]

I checked my filesystem and I have this in my stock FreeBSD 4.3 system.

Hopefully you mean 14.3... Otherwise, holy time machine, Batman!

The article also describes security issues.

Yeah, it sounds like the maintainer was fatigued by these endless "issues" found by "security" researchers looking to make a name for themselves:

libxml2 has never been safe to use with untrusted input. It doesn't help to pretend otherwise.

Make the XML parser O(n) (#346) · Issues · GNOME / libxml2 · GitLab

The execution time of the XML parser should be guaranteed to scale linearly with the size of the input (or the size of the output if entities are...

gitlab.gnome.org

Is this libxml2 library the same one that is in FreeBSD?

Yes. The link in Freshports redirects to https://gitlab.gnome.org/GNOME/libxml2/-/wikis/home
It's the same project.

 

[rte66]

Yes, it is FreeBSD 14.3. Sorry...

 

[rte66]

I emailed someone at a company (System76) that I had bought a PC from that has their Linux distribution on it. One of the engineers there told me not to worry and that someone has stepped in to maintain the library and gave me the name. I looked it up and it is a software engineer in Spain. The engineer at System76 said that the development on the library continues.