Skunnyk
About #Libxml2 usage in core products (macos, chrome, windows...) "The point is that libxml2 never had the quality to be used in mainstream browsers or operating systems to begin with. [...]. Originally it was kind of a growth hack, but now these companies make billions of profits and refuse to pay back their technical debt, either by switching to better solutions, developing their own or by trying to improve libxml2." https://gitlab.gnome.org/GNOME/libxml2/-/issues/913#note_2439345
Triaging security issues reported by third parties (#913) · Issues · GNOME / libxml2 · GitLab

I have to spend several hours each week dealing with security issues reported by third parties. Most of these issues aren't critical but it's still a lot of...

GitLab
Jun 24 at 7:59amTusky
Show threadPhil Baker  Jun 24
@Skunnyk From my outside perspective, it appears that libxml2 appears to be a thorn in the side of #FreeBSD port maintainers (bug linked to below).
The latest version of libxml2 in FreeBSD 14.3 is 2.11, which contains two unpatched CVEs on my system.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279705