With the recent release of version 1.3.0, league/commonmark now offers full support for Github-Flavored Markdown!
This weekend I've tagged the first pre-releases of the 1.x branch! I strongly encourage everyone to test their applications and extensions against this beta and provide any feedback. (Helpful information can be found in the upgrading guide.) Unless there are any major issues we'll plan on releasing a stable 1.0.0 version in the coming weeks!
A cross-site scripting (XSS) vulnerability was found in the PHP League's CommonMark library (
league/commonmark) versions 0.15.6 through 0.18.x before 0.18.1. It allows remote attackers to insert unsafe URLs into
<a> tags (even if
false) by adding an encoded newline character in the middle (e.g., writing
This month I released updates for a few of my open-source projects including league/commonmark, league/html-to-markdown, and colinodell/json5.
Releasing open-source libraries involves much more than sharing your GitHub URL with the world. There are many considerations and steps involved, especially if you want your project to be successful and long-lived.
Markdown is one of the most popular markup languages on the web. Unfortunately, with no standard specification, every implementation works differently, producing varying results across different platforms. The CommonMark specification fixes this by providing an unambiguous syntax specification and a comprehensive suite of tests. In this session you'll learn about this standard and how to integrate the league/commonmark parser into their PHP applications. We'll also cover how to customize the library to implement new features like custom Markdown syntax or advanced renderers.
To celebrate this milestone I thought I'd share the story of how this package came about, how it's grown, and how I couldn't have reached this milestone without the PHP community's help.