EpubCheck v4.0.2 is now available on GitHub:
This version includes a fix for a **critical security vulnerability** (CVE-2016-9487) which may, under some circumstances, enable a remote attacker to access arbitrary files on the system where EpubCheck is running.
**Important**: All users should update to EpubCheck 4.0.2 as soon as possible.
Other enhancements include:
- Enhanced XML report output
- New method Archive.createArchive(File) to specify file paths when using this in 3rd party tools
And bug fixes:
- Fix for critical vulnerability CVE-2016-9487
- Fix for unclosed ImageInputStreams on image file validation
- Clarify ACC-009 message: 'alt' -> 'alttext' attribute
- Make BitmapChecker.ImageHeuristics a public object
- Bugfix for false positive error messages due to locale settings
The detailed list of issues closed since the last public release is available at:
Special thanks to Craig Arendt (@craig_arendt) for having identified the vulnerability and disclosed it privately to EpubCheck's team!
Thanks also to Tobias Fischer, Thomas Ledoux, and other contributors or bug reporters!
Romain Deltour – @rdeltour
Software and standards development
The DAISY Consortium