Good timing, you spare me asking similar. I was looking at updating its little brother, libxslt (unmaintained, ~7 years), and it is advised to update libxml2 then libxslt.
That too I noticed has a good collection of security fixes over the last version built. On Fri, Apr 18, 2025 at 10:04 AM Brian Inglis via Cygwin-apps <cygwin-apps@cygwin.com> wrote: > > Hi folks, > > Looks like > 10 CVEs affecting libxml2 overdue for updates including latest: > > https://seclists.org/oss-sec/2025/q2/59 > > https://gitlab.gnome.org/GNOME/libxml2/-/issues/?sort=created_date&state=all&search=CVE&first_page_size=20 >
