The XML C library was initially developed for the GNOME project. It is now used by many programs to load and save extensible data structures or manipulate any kind of XML files.
This library implements a number of existing standards related to markup languages, including the XML standard, name spaces in XML, XML Base, RFC 2396, XPath, XPointer, HTML4, XInclude, SGML catalogs, and XML catalogs. In most cases, libxml tries to implement the specification in a rather strict way. To some extent, it provides support for the following specifications, but does not claim to implement them: DOM, FTP client, HTTP client, and SAX.
The library also supports RelaxNG. Support for W3C XML Schemas is in progress.
This library implements a number of existing standards related to markup languages, including the XML standard, name spaces in XML, XML Base, RFC 2396, XPath, XPointer, HTML4, XInclude, SGML catalogs, and XML catalogs. In most cases, libxml tries to implement the specification in a rather strict way. To some extent, it provides support for the following specifications, but does not claim to implement them: DOM, FTP client, HTTP client, and SAX.
The library also supports RelaxNG. Support for W3C XML Schemas is in progress.
Homepage | http://xmlsoft.org |
---|
2.9.9

2.9.7


2.9.4

Distribution | Version | Since | Package | Installed | Packager | |
---|---|---|---|---|---|---|
![]() | rpm | 2.9.7-lp150.1.7 | Jan 17 | 579 kiB | 1.5 MiB | https://bugs.opensuse.org |
![]() | rpm | 2.9.7-lp150.2.6.1 | Feb 21 | 579 kiB | 1.5 MiB | http://bugs.opensuse.org |
![]() | rpm | 2.9.7-lp150.2.3.1 | Jan 18 | 579 kiB | 1.5 MiB | http://bugs.opensuse.org |
![]() | rpm | 2.9.7-lp150.2.14.1 | 0 - 15:31 | 574 kiB | 1.5 MiB | http://bugs.opensuse.org |
![]() | rpm | 2.9.7-lp150.2.10.1 | Aug 18 | 574 kiB | 1.5 MiB | http://bugs.opensuse.org |
![]() | rpm | 2.9.7-lp151.4.2 | Mar 20 | 579 kiB | 1.5 MiB | https://bugs.opensuse.org |
![]() | rpm | 2.9.7-lp151.5.6.1 | 0 - 11:46 | 574 kiB | 1.5 MiB | http://bugs.opensuse.org |
![]() | rpm | 2.9.7-lp151.5.3.1 | Aug 18 | 574 kiB | 1.5 MiB | http://bugs.opensuse.org |
![]() | rpm | 2.9.4-10.1 | Jan 17 | 518 kiB | 1.37 MiB | http://bugs.opensuse.org |
![]() | rpm | 2.9.4-18.1 | Jan 21 | 519 kiB | 1.37 MiB | http://bugs.opensuse.org |
![]() | rpm | 2.9.4-15.1 | Jan 21 | 519 kiB | 1.37 MiB | http://bugs.opensuse.org |
![]() | rpm | 2.9.4-12.1 | Jan 21 | 518 kiB | 1.37 MiB | http://bugs.opensuse.org |
![]() | rpm | 2.9.9-2.2 | Oct 11 | 577 kiB | 1.52 MiB | https://bugs.opensuse.org |
Latest updates

OpenSUSE Leap 15.0 update/oss: Updated from 2.9.7-lp150.2.10.1 to 2.9.7-lp150.2.14.1
0 - 15:31
- Synchronize changelog files for libxml2 and python-libxml2-python [bsc#1123919]

OpenSUSE Leap 15.1 update/oss: Updated from 2.9.7-lp151.5.3.1 to 2.9.7-lp151.5.6.1
0 - 11:46
- Synchronize changelog files for libxml2 and python-libxml2-python [bsc#1123919]

OpenSUSE Tumbleweed oss: Updated from 2.9.9-2.1 to 2.9.9-2.2
Oct 11
- Do not depend on setuptools to keep the depgraph small and avoid build cycles

OpenSUSE Tumbleweed oss: Updated from 2.9.9-1.4 to 2.9.9-2.1
Sep 17
- Do not depend on setuptools to keep the depgraph small and avoid build cycles

OpenSUSE Leap 15.0 update/oss: Updated from 2.9.7-lp150.2.6.1 to 2.9.7-lp150.2.10.1
Aug 18
- Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH to avoid nodeset limit when processing large XML files [bsc#1135123]
- Added libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch

OpenSUSE Leap 15.1 update/oss: Version 2.9.7-lp151.5.3.1 introduced
Aug 18
- Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH to avoid nodeset limit when processing large XML files [bsc#1135123]
- Added libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch

OpenSUSE Tumbleweed oss: Updated from 2.9.9-1.3 to 2.9.9-1.4
Jul 16
- Version update to 2.9.9:
- Security:
- CVE-2018-9251 CVE-2018-14567 Fix infinite loop in LZMA
- CVE-2018-14404 Fix nullptr deref with XPath logic ops
- Bug fixes:
- Fix building relative URIs
- Problem with data in interleave in RelaxNG validation
- Fix memory leak in xmlSwitchInputEncodingInt error path
- Set doc on element obtained from freeElems
- Fix HTML serialization with UTF-8 encoding
- Use actual doc in xmlTextReaderRead*Xml
- Unlink node before freeing it in xmlSAX2StartElement
- Check return value of nodePush in xmlSAX2StartElement
- Free input buffer in xmlHaltParser
- Reset HTML parser input pointers on encoding failure
- Fix xmlSchemaValidCtxtPtr reuse memory leak
- Fix xmlTextReaderNext with preparsed document
- HTML noscript should not close p
- Don't change context node in xmlXPathRoot
- Improvements:
- Remove redefined starts and defines inside include elements
- Allow choice within choice in nameClass in RELAX NG
- Look inside divs for starts and defines inside include
- Add newlines to 'xmllint --xpath' output
- Don't include SAX.h from globals.h
- Support xmlTextReaderNextSibling w/o preparsed doc
- Improve restoring of context size and position
- Simplify and harden nodeset filtering
- Avoid unnecessary backups of the context node
- Fix inconsistency in xmlXPathIsInf
- Security:

OpenSUSE Tumbleweed oss: Updated from 2.9.9-1.1 to 2.9.9-1.3
Jun 17
- Version update to 2.9.9:
- Security:
- CVE-2018-9251 CVE-2018-14567 Fix infinite loop in LZMA
- CVE-2018-14404 Fix nullptr deref with XPath logic ops
- Bug fixes:
- Fix building relative URIs
- Problem with data in interleave in RelaxNG validation
- Fix memory leak in xmlSwitchInputEncodingInt error path
- Set doc on element obtained from freeElems
- Fix HTML serialization with UTF-8 encoding
- Use actual doc in xmlTextReaderRead*Xml
- Unlink node before freeing it in xmlSAX2StartElement
- Check return value of nodePush in xmlSAX2StartElement
- Free input buffer in xmlHaltParser
- Reset HTML parser input pointers on encoding failure
- Fix xmlSchemaValidCtxtPtr reuse memory leak
- Fix xmlTextReaderNext with preparsed document
- HTML noscript should not close p
- Don't change context node in xmlXPathRoot
- Improvements:
- Remove redefined starts and defines inside include elements
- Allow choice within choice in nameClass in RELAX NG
- Look inside divs for starts and defines inside include
- Add newlines to 'xmllint --xpath' output
- Don't include SAX.h from globals.h
- Support xmlTextReaderNextSibling w/o preparsed doc
- Improve restoring of context size and position
- Simplify and harden nodeset filtering
- Avoid unnecessary backups of the context node
- Fix inconsistency in xmlXPathIsInf
- Security:

OpenSUSE Leap 15.0 update/oss: Version 2.9.7-lp150.2.6.1 reintroduced
Mar 23
- Security fix:
bsc#1088279, CVE-2018-9251[bsc#1105166, CVE-2018-14567]
- Infinite loop in LZMA decompression
- Fixes CVE-2018-9251 introduced by CVE-2017-18258
- Added libxml2-CVE-2018-14567.patch

OpenSUSE Leap 15.0 update/oss: Version 2.9.7-lp150.2.3.1 reintroduced
Mar 23
- Security fix:
bsc#1088279, CVE-2018-9251[bsc#1105166, CVE-2018-14567]
- Infinite loop in LZMA decompression
- Fixes CVE-2018-9251 introduced by CVE-2017-18258
- Added libxml2-CVE-2018-14567.patch

OpenSUSE Leap 15.0 update/oss: Version 2.9.7-lp150.2.6.1 removed
Mar 22

OpenSUSE Leap 15.0 update/oss: Version 2.9.7-lp150.2.3.1 removed
Mar 22

OpenSUSE Leap 15.1 oss: Updated from 2.9.7-lp151.4.1 to 2.9.7-lp151.4.2
Mar 20
- Security fix:
bsc#1088279, CVE-2018-9251[bsc#1105166, CVE-2018-14567]
- Infinite loop in LZMA decompression
- Fixes CVE-2018-9251 introduced by CVE-2017-18258
- Added libxml2-CVE-2018-14567.patch

OpenSUSE Leap 15.0 update/oss: Updated from 2.9.7-lp150.2.3.1 to 2.9.7-lp150.2.6.1
Feb 21
- Security fix:
bsc#1088279, CVE-2018-9251[bsc#1105166, CVE-2018-14567]
- Infinite loop in LZMA decompression
- Fixes CVE-2018-9251 introduced by CVE-2017-18258
- Added libxml2-CVE-2018-14567.patch

OpenSUSE Leap 15.1 oss: Updated from 2.9.7-lp151.3.3 to 2.9.7-lp151.4.1
Feb 19
- Security fix:
bsc#1088279, CVE-2018-9251[bsc#1105166, CVE-2018-14567]
- Infinite loop in LZMA decompression
- Fixes CVE-2018-9251 introduced by CVE-2017-18258
- Added libxml2-CVE-2018-14567.patch

OpenSUSE Tumbleweed oss: Updated from 2.9.8-2.5 to 2.9.9-1.1
Feb 06
- Version update to 2.9.9:
- Security:
- CVE-2018-9251 CVE-2018-14567 Fix infinite loop in LZMA
- CVE-2018-14404 Fix nullptr deref with XPath logic ops
- Bug fixes:
- Fix building relative URIs
- Problem with data in interleave in RelaxNG validation
- Fix memory leak in xmlSwitchInputEncodingInt error path
- Set doc on element obtained from freeElems
- Fix HTML serialization with UTF-8 encoding
- Use actual doc in xmlTextReaderRead*Xml
- Unlink node before freeing it in xmlSAX2StartElement
- Check return value of nodePush in xmlSAX2StartElement
- Free input buffer in xmlHaltParser
- Reset HTML parser input pointers on encoding failure
- Fix xmlSchemaValidCtxtPtr reuse memory leak
- Fix xmlTextReaderNext with preparsed document
- HTML noscript should not close p
- Don't change context node in xmlXPathRoot
- Improvements:
- Remove redefined starts and defines inside include elements
- Allow choice within choice in nameClass in RELAX NG
- Look inside divs for starts and defines inside include
- Add newlines to 'xmllint --xpath' output
- Don't include SAX.h from globals.h
- Support xmlTextReaderNextSibling w/o preparsed doc
- Improve restoring of context size and position
- Simplify and harden nodeset filtering
- Avoid unnecessary backups of the context node
- Fix inconsistency in xmlXPathIsInf
- Security:

OpenSUSE Tumbleweed oss: Updated from 2.9.8-2.3 to 2.9.8-2.5
Feb 03
- Use %license instead of %doc [bsc#1082318]

OpenSUSE Leap 15.1 oss: Version 2.9.7-lp151.3.3 introduced
Jan 23
- Security fix:
bsc#1088279, CVE-2018-9251[bsc#1105166, CVE-2018-14567]
- Infinite loop in LZMA decompression
- Fixes CVE-2018-9251 introduced by CVE-2017-18258
- Added libxml2-CVE-2018-14567.patch

OpenSUSE Leap 42.3 update/oss: Updated from 2.9.4-15.1 to 2.9.4-18.1
Jan 21
- Security fix:
bsc#1088279, CVE-2018-9251[bsc#1105166, CVE-2018-14567]
- Infinite loop in LZMA decompression
- Fixes CVE-2018-9251 introduced by CVE-2017-18258
- Added libxml2-CVE-2018-14567.patch

OpenSUSE Leap 42.3 update/oss: Updated from 2.9.4-12.1 to 2.9.4-15.1
Jan 21
- Security fix [bsc#1078813, CVE-2016-5131]
- Use-after-free vulnerability in libxml2 through 2.9.4,
as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. - Added patches:
- libxml2-2.9.4-CVE-2016-5131.patch
- libxml2-xmlXPathCmpNodes.patch
- Use-after-free vulnerability in libxml2 through 2.9.4,
Related packages
libxml2 - Library providing XML and HTML support
libxml2-2 - A Library to Manipulate XML Files
libxml2-2-32bit-debuginfo - Debug information for package libxml2-2