A Twitter Spaces discussion hosted by Unleash about open-source maintainership, the PHP League, platform engineering, and 3D printing.
CommonMark
After 96 releases, 368 pull requests, and over 48 million downloads, I'm pleased to share that the next major version of league/commonmark 2.0.0 stable is now generally available! 🎉🎉
You can install the latest version via Composer:
composer require league/commonmark:^2.0
What's new in 2.0?
There's so much to cover, but here are the key improvements and changes:
With the 2.0.0 stable release of league/commonmark
scheduled for next month, I'm pleased to share that the first 2.0 beta releases are now available! Current users of this library are highly encouraged to test this new branch and provide feedback.
You can install the beta release via Composer:
I'm excited to share that version 1.6.0 of league/commonmark has been released! This will be the last minor release of the 1.x branch - all efforts will now be focused on wrapping up development of 2.0.0!
Please see https://commonmark.thephpleague.com/1.6/upgrading/ for important information about this release and the upcoming 2.0.0 version.
Version 1.5.0 of the league/commonmark Markdown library has just been released!
This will likely be the last minor release of 1.x
as we focus efforts on developing 2.0. This post breaks down some of the new features and changes you should know about 1.5.0.
After 2,086 days, 1,632 commits, and 75 releases I'm pleased to share that league/commonmark has been downloaded over 10 million times! 🎉🎉🎉
With the recent release of version 1.3.0, league/commonmark now offers full support for Github-Flavored Markdown!
After 5 years of development, 3,000,000 downloads, and 58 releases, I'm extremely pleased to announce that league/commonmark version 1.0.0 has been released!
This weekend I've tagged the first pre-releases of the 1.x branch! I strongly encourage everyone to test their applications and extensions against this beta and provide any feedback. (Helpful information can be found in the upgrading guide.) Unless there are any major issues we'll plan on releasing a stable 1.0.0 version in the coming weeks!
A cross-site scripting (XSS) vulnerability was found in the PHP League's CommonMark library (league/commonmark
) versions 0.15.6 through 0.18.x before 0.18.1. It allows remote attackers to insert unsafe URLs into <a>
tags (even if allow_unsafe_links
is false
) by adding an encoded newline character in the middle (e.g., writing javascript
as javascri%0Apt
).