Release 4.6.0.

Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>

Doxyfile

@@ -31,7 +31,7 @@ PROJECT_NAME           = HTMLPurifier
 # This could be handy for archiving the generated documentation or
 # if some version control system is used.
 
-PROJECT_NUMBER         = 4.5.0
+PROJECT_NUMBER         = 4.6.0
 
 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
 # base path where the generated documentation will be put.

FOCUS

@@ -1,4 +1,4 @@
-4 - Minor feature enhancements
+9 - Major security fixes
 
 [ Appendix A: Release focus IDs ]
 0 - N/A

NEWS

@@ -9,7 +9,7 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
     . Internal change
 ==========================
 
-4.6.0, unknown release date
+4.6.0, released 2013-11-30
 # Secure URI munge hashing algorithm has changed to hash_hmac("sha256", $url, $secret).
   Please update any verification scripts you may have.
 # URI parsing algorithm was made more strict, so only prefixes which

VERSION

@@ -1 +1 @@
-4.5.0
+4.6.0

WHATSNEW

@@ -1,6 +1,5 @@
-HTML Purifier 4.5.0 is a minor bugfix and feature release, containing an
-accumulation of changes over a year.  CSS support has been extended to
-support display:inline-block, white-space, underscores in font families,
-page-break-* CSS3 properties (when proprietary is enabled.)  We now use
-SHA-1 to identify cached definitions, and the semantics of stacked
-attribute transforms has changed slightly.
+HTML Purifier 4.6.0 is a major security release, fixing numerous bad
+quadratic asymptotics in HTML Purifier's core algorithms.  Most users will
+see a decent speedup on large inputs, although small inputs may take
+longer.  Additionally, the secure URI munging algorithm has changed to
+do a proper HMAC.  There are some other miscellaneous bugfixes as well.

library/HTMLPurifier.includes.php

@@ -7,7 +7,7 @@
  * primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS
  * FILE, changes will be overwritten the next time the script is run.
  *
- * @version 4.5.0
+ * @version 4.6.0
  *
  * @warning
  *      You must *not* include any other HTML Purifier files before this file,

library/HTMLPurifier.php

@@ -19,7 +19,7 @@
  */
 
 /*
-    HTML Purifier 4.5.0 - Standards Compliant HTML Filtering
+    HTML Purifier 4.6.0 - Standards Compliant HTML Filtering
     Copyright (C) 2006-2008 Edward Z. Yang
 
     This library is free software; you can redistribute it and/or
@@ -58,12 +58,12 @@ class HTMLPurifier
      * Version of HTML Purifier.
      * @type string
      */
-    public $version = '4.5.0';
+    public $version = '4.6.0';
 
     /**
      * Constant with version of HTML Purifier.
      */
-    const VERSION = '4.5.0';
+    const VERSION = '4.6.0';
 
     /**
      * Global configuration object.

library/HTMLPurifier/Config.php

@@ -21,7 +21,7 @@ class HTMLPurifier_Config
      * HTML Purifier's version
      * @type string
      */
-    public $version = '4.5.0';
+    public $version = '4.6.0';
 
     /**
      * Whether or not to automatically finalize