Release 4.3.0

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>

Doxyfile

@@ -31,7 +31,7 @@ PROJECT_NAME           = HTMLPurifier
 # This could be handy for archiving the generated documentation or
 # if some version control system is used.
 
-PROJECT_NUMBER         = 4.2.0
+PROJECT_NUMBER         = 4.3.0
 
 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
 # base path where the generated documentation will be put.

FOCUS

@@ -1,4 +1,4 @@
-4 - Minor feature enhancements
+9 - Major security fixes
 
 [ Appendix A: Release focus IDs ]
 0 - N/A

NEWS

@@ -9,7 +9,7 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
     . Internal change
 ==========================
 
-4.3.0, unknown release date
+4.3.0, released 2011-03-27
 # Fixed broken caching of customized raw definitions, but requires an
   API change.  The old API still works but will emit a warning,
   see http://htmlpurifier.org/docs/enduser-customize.html#optimized

TODO

@@ -27,7 +27,7 @@ Things to do as soon as possible:
 FUTURE VERSIONS
 ---------------
 
-4.3 release [OMG CONFIG PONIES]
+4.4 release [OMG CONFIG PONIES]
  ! Fix Printer. It's from the old days when we didn't have decent XML classes
  ! Factor demo.php into a set of Printer classes, and then create a stub
    file for users here (inside the actual HTML Purifier library)

VERSION

@@ -1 +1 @@
-4.2.0
+4.3.0

WHATSNEW

@@ -1,8 +1,8 @@
-HTML Purifier 4.2.0 is a minor release that implements a number of
-feature requests accumulated over half a year.  New configuration
-options include %Core.RemoveProcessingInstructions,
-%CSS.ForbiddenProperties, %HTML.FlashAllowFullScreen and
-%Core.NormalizeNewlines.  Additionally,%URI.DisableResources is
-now functional and file: is an optionally supported URI scheme.
-There are also some minor bugfixes, usability improvements and
-documentation updates.
+HTML Purifier 4.3.0 is a major security release addressing various
+security vulnerabilities related to user-submitted code and legitimate
+client-side scripts.  It also contains an accumulation of new features
+and bugfixes over half a year.  New configuration options include
+%CSS.Trusted, %CSS.AllowedFonts and %Cache.SerializerPermissions.
+There is a backwards-incompatible API change for customized raw
+definitions, see <http://htmlpurifier.org/docs/enduser-customize.html#optimized>
+for details.

library/HTMLPurifier.includes.php

@@ -7,7 +7,7 @@
  * primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS
  * FILE, changes will be overwritten the next time the script is run.
  *
- * @version 4.2.0
+ * @version 4.3.0
  *
  * @warning
  *      You must *not* include any other HTML Purifier files before this file,

library/HTMLPurifier.php

@@ -19,7 +19,7 @@
  */
 
 /*
-    HTML Purifier 4.2.0 - Standards Compliant HTML Filtering
+    HTML Purifier 4.3.0 - Standards Compliant HTML Filtering
     Copyright (C) 2006-2008 Edward Z. Yang
 
     This library is free software; you can redistribute it and/or
@@ -55,10 +55,10 @@ class HTMLPurifier
 {
 
     /** Version of HTML Purifier */
-    public $version = '4.2.0';
+    public $version = '4.3.0';
 
     /** Constant with version of HTML Purifier */
-    const VERSION = '4.2.0';
+    const VERSION = '4.3.0';
 
     /** Global configuration object */
     public $config;

library/HTMLPurifier/Config.php

@@ -20,7 +20,7 @@ class HTMLPurifier_Config
     /**
      * HTML Purifier's version
      */
-    public $version = '4.2.0';
+    public $version = '4.3.0';
 
     /**
      * Bool indicator whether or not to automatically finalize