Changelogs » Lxml

PyUp Safety actively tracks 323,951 Python packages for vulnerabilities and notifies you when to upgrade.

Lxml

4.6.3

==================
  
  Bugs fixed
  ----------
  
  * A vulnerability (CVE-2021-28957) was discovered in the HTML Cleaner by Kevin Chung,
  which allowed JavaScript to pass through.  The cleaner now removes the HTML5
  ``formaction`` attribute.

4.6.2 not secure

==================
  
  Bugs fixed
  ----------
  
  * A vulnerability (CVE-2020-27783) was discovered in the HTML Cleaner by Yaniv Nizry,
  which allowed JavaScript to pass through.  The cleaner now removes more sneaky
  "style" content.

4.6.1 not secure

==================
  
  Bugs fixed
  ----------
  
  * A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry, which allowed
  JavaScript to pass through.  The cleaner now removes more sneaky "style" content.

4.6.0 not secure

==================
  
  Features added
  --------------
  
  * GH310: ``lxml.html.InputGetter`` supports ``__len__()`` to count the number of input fields.
  Patch by Aidan Woolley.
  
  * ``lxml.html.InputGetter`` has a new ``.items()`` method to ease processing all input fields.
  
  * ``lxml.html.InputGetter.keys()`` now returns the field names in document order.
  
  * GH-309: The API documentation is now generated using ``sphinx-apidoc``.
  Patch by Chris Mayo.
  
  Bugs fixed
  ----------
  
  * LP1869455: C14N 2.0 serialisation failed for unprefixed attributes
  when a default namespace was defined.
  
  * ``TreeBuilder.close()`` raised ``AssertionError`` in some error cases where it
  should have raised ``XMLSyntaxError``.  It now raises a combined exception to
  keep up backwards compatibility, while switching to ``XMLSyntaxError`` as an
  interface.

4.5.2 not secure

==================
  
  Bugs fixed
  ----------
  
  * ``Cleaner()`` now validates that only known configuration options can be set.
  
  * LP1882606: ``Cleaner.clean_html()`` discarded comments and PIs regardless of the
  corresponding configuration option, if ``remove_unknown_tags`` was set.
  
  * LP1880251: Instead of globally overwriting the document loader in libxml2, lxml now
  sets it per parser run, which improves the interoperability with other users of libxml2
  such as libxmlsec.
  
  * LP1881960: Fix build in CPython 3.10 by using Cython 0.29.21.
  
  * The setup options "--with-xml2-config" and "--with-xslt-config" were accidentally renamed
  to "--xml2-config" and "--xslt-config" in 4.5.1 and are now available again.

4.5.1 not secure

==================
  
  Bugs fixed
  ----------
  
  * LP1570388: Fix failures when serialising documents larger than 2GB in some cases.
  
  * LP1865141, GH298: ``QName`` values were not accepted by the ``el.iter()`` method.
  Patch by xmo-odoo.
  
  * LP1863413, GH297: The build failed to detect libraries on Linux that are only
  configured via pkg-config.
  Patch by Hugh McMaster.

4.5.0 not secure

==================
  
  Features added
  --------------
  
  * A new function ``indent()`` was added to insert tail whitespace for pretty-printing
  an XML tree.
  
  Bugs fixed
  ----------
  
  * LP1857794: Tail text of nodes that get removed from a document using item
  deletion disappeared silently instead of sticking with the node that was removed.
  
  Other changes
  -------------
  
  * MacOS builds are 64-bit-only by default.
  Set CFLAGS and LDFLAGS explicitly to override it.
  
  * Linux/MacOS Binary wheels now use libxml2 2.9.10 and libxslt 1.1.34.
  
  * LP1840234: The package version number is now available as ``lxml.__version__``.

4.4.3 not secure

==================
  
  Bugs fixed
  ----------
  
  * LP1844674: ``itertext()`` was missing tail text of comments and PIs since 4.4.0.

4.4.2 not secure

==================
  
  Bugs fixed
  ----------
  
  * LP1835708: ``ElementInclude`` incorrectly rejected repeated non-recursive
  includes as recursive.
  Patch by Rainer Hausdorf.

4.4.1 not secure

==================
  
  Bugs fixed
  ----------
  
  * LP1838252: The order of an OrderedDict was lost in 4.4.0 when passing it as
  attrib mapping during element creation.
  
  * LP1838521: The package metadata now lists the supported Python versions.

4.4.0 not secure

==================
  
  Features added
  --------------
  
  * ``Element.clear()`` accepts a new keyword argument ``keep_tail=True`` to clear
  everything but the tail text.  This is helpful in some document-style use cases
  and for clearing the current element in ``iterparse()`` and pull parsing.
  
  * When creating attributes or namespaces from a dict in Python 3.6+, lxml now
  preserves the original insertion order of that dict, instead of always sorting
  the items by name.  A similar change was made for ElementTree in CPython 3.8.
  See https://bugs.python.org/issue34160
  
  * Integer elements in ``lxml.objectify`` implement the ``__index__()`` special method.
  
  * GH269: Read-only elements in XSLT were missing the ``nsmap`` property.
  Original patch by Jan Pazdziora.
  
  * ElementInclude can now restrict the maximum inclusion depth via a ``max_depth``
  argument to prevent content explosion.  It is limited to 6 by default.
  
  * The ``target`` object of the XMLParser can have ``start_ns()`` and ``end_ns()``
  callback methods to listen to namespace declarations.
  
  * The ``TreeBuilder`` has new arguments ``comment_factory`` and ``pi_factory`` to
  pass factories for creating comments and processing instructions, as well as
  flag arguments ``insert_comments`` and ``insert_pis`` to discard them from the
  tree when set to false.
  
  * A `C14N 2.0 <https://www.w3.org/TR/xml-c14n2/>`_ implementation was added as
  ``etree.canonicalize()``, a corresponding ``C14NWriterTarget`` class, and
  a ``c14n2`` serialisation method.
  
  Bugs fixed
  ----------
  
  * When writing to file paths that contain the URL escape character '%', the file
  path could wrongly be mangled by URL unescaping and thus write to a different
  file or directory.  Code that writes to file paths that are provided by untrusted
  sources, but that must work with previous versions of lxml, should best either
  reject paths that contain '%' characters, or otherwise make sure that the path
  does not contain maliciously injected '%XX' URL hex escapes for paths like '../'.
  
  * Assigning to Element child slices with negative step could insert the slice at
  the wrong position, starting too far on the left.
  
  * Assigning to Element child slices with overly large step size could take very
  long, regardless of the length of the actual slice.
  
  * Assigning to Element child slices of the wrong size could sometimes fail to
  raise a ValueError (like a list assignment would) and instead assign outside
  of the original slice bounds or leave parts of it unreplaced.
  
  * The ``comment`` and ``pi`` events in ``iterwalk()`` were never triggered, and
  instead, comments and processing instructions in the tree were reported as
  ``start`` elements.  Also, when walking an ElementTree (as opposed to its root
  element), comments and PIs outside of the root element are now reported.
  
  * LP1827833: The RelaxNG compact syntax support was broken with recent versions
  of ``rnc2rng``.
  
  * LP1758553: The HTML elements ``source`` and ``track`` were added to the list
  of empty tags in ``lxml.html.defs``.
  
  * Registering a prefix other than "xml" for the XML namespace is now rejected.
  
  * Failing to write XSLT output to a file could raise a misleading exception.
  It now raises ``IOError``.
  
  Other changes
  -------------
  
  * Support for Python 3.4 was removed.
  
  * When using ``Element.find*()`` with prefix-namespace mappings, the empty string
  is now accepted to define a default namespace, in addition to the previously
  supported ``None`` prefix.  Empty strings are more convenient since they keep
  all prefix keys in a namespace dict strings, which simplifies sorting etc.
  
  * The ``ElementTree.write_c14n()`` method has been deprecated in favour of the
  long preferred ``ElementTree.write(f, method="c14n")``.  It will be removed
  in a future release.

4.3.5 not secure

==================
  
  * Rebuilt with Cython 0.29.13 to support Python 3.8.

4.3.4 not secure

==================
  
  * Rebuilt with Cython 0.29.10 to support Python 3.8.

4.3.3 not secure

==================
  
  Bugs fixed
  ----------
  
  * Fix leak of output buffer and unclosed files in ``_XSLTResultTree.write_output()``.

4.3.2 not secure

==================
  
  Bugs fixed
  ----------
  
  * Crash in 4.3.1 when appending a child subtree with certain text nodes.
  
  Other changes
  -------------
  
  * Built with Cython 0.29.6.

4.3.1 not secure

==================
  
  Bugs fixed
  ----------
  
  * LP1814522: Crash when appending a child subtree that contains unsubstituted
  entity references.
  
  Other changes
  -------------
  
  * Built with Cython 0.29.5.

4.3.0 not secure

==================
  
  Features added
  --------------
  
  * The module ``lxml.sax`` is compiled using Cython in order to speed it up.
  
  * GH267: ``lxml.sax.ElementTreeProducer`` now preserves the namespace prefixes.
  If two prefixes point to the same URI, the first prefix in alphabetical order
  is used.  Patch by Lennart Regebro.
  
  * Updated ISO-Schematron implementation to 2013 version (now MIT licensed)
  and the corresponding schema to the 2016 version (with optional "properties").
  
  Other changes
  -------------
  
  * GH270, GH271: Support for Python 2.6 and 3.3 was removed.
  Patch by hugovk.
  
  * The minimum dependency versions were raised to libxml2 2.9.2 and libxslt 1.1.27,
  which were released in 2014 and 2012 respectively.
  
  * Built with Cython 0.29.2.

4.2.6 not secure

==================
  
  Bugs fixed
  ----------
  
  * LP1799755: Fix a DeprecationWarning in Py3.7+.
  
  * Import warnings in Python 3.6+ were resolved.

4.2.5 not secure

==================
  
  Bugs fixed
  ----------
  
  * Javascript URLs that used URL escaping were not removed by the HTML cleaner.
  Security problem found by Omar Eissa.  (CVE-2018-19787)

4.2.4 not secure

==================
  
  Features added
  --------------
  
  * GH259: Allow using ``pkg-config`` for build configuration.
  Patch by Patrick Griffis.
  
  Bugs fixed
  ----------
  
  * LP1773749, GH268: Crash when moving an element to another document with
  ``Element.insert()``.
  Patch by Alexander Weggerle.

4.2.3 not secure

==================
  
  Bugs fixed
  ----------
  
  * Reverted GH265: lxml links against zlib as a shared library again.

4.2.2 not secure

==================
  
  Bugs fixed
  ----------
  
  * GH266: Fix sporadic crash during GC when parse-time schema validation is used
  and the parser participates in a reference cycle.
  Original patch by Julien Greard.
  
  * GH265: lxml no longer links against zlib as a shared library, only on static builds.
  Patch by Nehal J Wani.

4.2.1 not secure

==================
  
  Bugs fixed
  ----------
  
  * LP1755825: ``iterwalk()`` failed to return the 'start' event for the initial
  element if a tag selector is used.
  
  * LP1756314: Failure to import 4.2.0 into PyPy due to a missing library symbol.
  
  * LP1727864, GH258: Add "-isysroot" linker option on MacOS as needed by XCode 9.

4.2.0 not secure

==================
  
  Features added
  --------------
  
  * GH255: ``SelectElement.value`` returns more standard-compliant and
  browser-like defaults for non-multi-selects.  If no option is selected, the
  value of the first option is returned (instead of None).  If multiple options
  are selected, the value of the last one is returned (instead of that of the
  first one).  If no options are present (not standard-compliant)
  ``SelectElement.value`` still returns ``None``.
  
  * GH261: The ``HTMLParser()`` now supports the ``huge_tree`` option.
  Patch by stranac.
  
  Bugs fixed
  ----------
  
  * LP1551797: Some XSLT messages were not captured by the transform error log.
  
  * LP1737825: Crash at shutdown after an interrupted iterparse run with XMLSchema
  validation.
  
  Other changes
  -------------

4.1.1 not secure

==================
  
  * Rebuild with Cython 0.27.3 to improve support for Py3.7.

4.1.0 not secure

==================
  
  Features added
  --------------
  
  * ElementPath supports text predicates for current node, like "[.='text']".
  
  * ElementPath allows spaces in predicates.
  
  * Custom Element classes and XPath functions can now be registered with a
  decorator rather than explicit dict assignments.
  
  * Static Linux wheels are now built with link time optimisation (LTO) enabled.
  This should have a beneficial impact on the overall performance by providing
  a tighter compiler integration between lxml and libxml2/libxslt.
  
  Bugs fixed
  ----------
  
  * LP1722776: Requesting non-Element objects like comments from a document with
  ``PythonElementClassLookup`` could fail with a TypeError.

4.0.0 not secure

==================
  
  Features added
  --------------
  
  * The ElementPath implementation is now compiled using Cython,
  which speeds up the ``.find*()`` methods quite significantly.
  
  * The modules ``lxml.builder``, ``lxml.html.diff`` and ``lxml.html.clean``
  are also compiled using Cython in order to speed them up.
  
  * ``xmlfile()`` supports async coroutines using ``async with`` and ``await``.
  
  * ``iterwalk()`` has a new method ``skip_subtree()`` that prevents walking into
  the descendants of the current element.
  
  * ``RelaxNG.from_rnc_string()`` accepts a ``base_url`` argument to
  allow relative resource lookups.
  
  * The XSLT result object has a new method ``.write_output(file)`` that serialises
  output data into a file according to the ``<xsl:output>`` configuration.
  
  Bugs fixed
  ----------
  
  * GH251: HTML comments were handled incorrectly by the soupparser.
  Patch by mozbugbox.
  
  * LP1654544: The html5parser no longer passes the ``useChardet`` option
  if the input is a Unicode string, unless explicitly requested.  When parsing
  files, the default is to enable it when a URL or file path is passed (because
  the file is then opened in binary mode), and to disable it when reading from
  a file(-like) object.
  
  Note: This is a backwards incompatible change of the default configuration.
  If your code parses byte strings/streams and depends on character detection,
  please pass the option ``guess_charset=True`` explicitly, which already worked
  in older lxml versions.
  
  * LP1703810: ``etree.fromstring()`` failed to parse UTF-32 data with BOM.
  
  * LP1526522: Some RelaxNG errors were not reported in the error log.
  
  * LP1567526: Empty and plain text input raised a TypeError in soupparser.
  
  * LP1710429: Uninitialised variable usage in HTML diff.
  
  * LP1415643: The closing tags context manager in ``xmlfile()`` could continue
  to output end tags even after writing failed with an exception.
  
  * LP1465357: ``xmlfile.write()`` now accepts and ignores None as input argument.
  
  * Compilation under Py3.7-pre failed due to a modified function signature.
  
  Other changes
  -------------
  
  * The main module source files were renamed from ``lxml.*.pyx`` to plain
  ``*.pyx`` (e.g. ``etree.pyx``) to simplify their handling in the build
  process.  Care was taken to keep the old header files as fallbacks for
  code that compiles against the public C-API of lxml, but it might still
  be worth validating that third-party code does not notice this change.

3.8.0 not secure

==================
  
  Features added
  --------------
  
  * ``ElementTree.write()`` has a new option ``doctype`` that writes out a
  doctype string before the serialisation, in the same way as ``tostring()``.
  
  * GH220: ``xmlfile`` allows switching output methods at an element level.
  Patch by Burak Arslan.
  
  * LP1595781, GH240: added a PyCapsule Python API and C-level API for
  passing externally generated libxml2 documents into lxml.
  
  * GH244: error log entries have a new property ``path`` with an XPath
  expression (if known, None otherwise) that points to the tree element
  responsible for the error. Patch by Bob Kline.
  
  * The namespace prefix mapping that can be used in ElementPath now injects
  a default namespace when passing a None prefix.
  
  Bugs fixed
  ----------
  
  * GH238: Character escapes were not hex-encoded in the ``xmlfile`` serialiser.
  Patch by matejcik.
  
  * GH229: fix for externally created XML documents.  Patch by Theodore Dubois.
  
  * LP1665241, GH228: Form data handling in lxml.html no longer strips the
  option values specified in form attributes but only the text values.
  Patch by Ashish Kulkarni.
  
  * LP1551797: revert previous fix for XSLT error logging as it breaks
  multi-threaded XSLT processing.
  
  * LP1673355, GH233: ``fromstring()`` html5parser failed to parse byte strings.
  
  Other changes
  -------------
  
  * The previously undocumented ``docstring`` option in ``ElementTree.write()``
  produces a deprecation warning and will eventually be removed.

3.7.4

==================
  
  Bugs fixed
  ----------
  
  * LP1551797: revert previous fix for XSLT error logging as it breaks
  multi-threaded XSLT processing.
  
  * LP1673355, GH233: ``fromstring()`` html5parser failed to parse byte strings.

3.7.3 not secure

==================
  
  Bugs fixed
  ----------
  
  * GH218 was ineffective in Python 3.
  
  * GH222: ``lxml.html.submit_form()`` failed in Python 3.
  Patch by Jakub Wilk.

3.7.2 not secure

==================
  
  * GH220: ``xmlfile`` allows switching output methods at an element level.
  Patch by Burak Arslan.
  
  Bugs fixed
  ----------
  
  * Work around installation problems in recent Python 2.7 versions
  due to FTP download failures.
  
  * GH219: ``xmlfile.element()`` was not properly quoting attribute values.
  Patch by Burak Arslan.
  
  * GH218: ``xmlfile.element()`` was not properly escaping text content of
  script/style tags.  Patch by Burak Arslan.

3.7.1 not secure

==================
  
  * No source changes, issued only to solve problems with the
  binary packages released for 3.7.0.

3.7.0 not secure

==================
  
  Features added
  --------------
  
  * GH217: ``XMLSyntaxError`` now behaves more like its ``SyntaxError``
  baseclass.  Patch by Philipp A.
  
  * GH216: ``HTMLParser()`` now supports the same ``collect_ids`` parameter
  as ``XMLParser()``.  Patch by Burak Arslan.
  
  * GH210: Allow specifying a serialisation method in ``xmlfile.write()``.
  Patch by Burak Arslan.
  
  * GH203: New option ``default_doctype`` in ``HTMLParser`` that allows
  disabling the automatic doctype creation.  Patch by Shadab Zafar.
  
  * GH201: Calling the method ``.set('attrname')`` without value argument
  (or ``None``) on HTML elements creates an attribute without value that
  serialises like ``<div attrname></div>``.  Patch by Daniel Holth.
  
  * GH197: Ignore form input fields in ``form_values()`` when they are
  marked as ``disabled`` in HTML.  Patch by Kristian Klemon.
  
  Bugs fixed
  ----------
  
  * GH206: File name and line number were missing from XSLT error messages.
  Patch by Marcus Brinkmann.
  
  Other changes
  -------------
  
  * Log entries no longer allow anything but plain string objects as message text
  and file name.
  
  * ``zlib`` is included in the list of statically built libraries.

3.6.4 not secure

==================
  
  * GH204, LP1614693: build fix for MacOS-X.

3.6.3 not secure

==================
  
  * LP1614603: change linker flags to build multi-linux wheels

3.6.2 not secure

==================
  
  * LP1614603: release without source changes to provide cleanly built Linux wheels

3.6.1 not secure

==================
  
  Features added
  --------------
  
  * GH180: Separate option ``inline_style`` for Cleaner that only removes ``style``
  attributes instead of all styles.  Patch by Christian Pedersen.
  
  * GH196: Windows build support for Python 3.5.  Contribution by Maximilian Hils.
  
  Bugs fixed
  ----------
  
  * GH199: Exclude ``file`` fields from ``FormElement.form_values`` (as browsers do).
  Patch by Tomas Divis.
  
  * GH198, LP1568167: Try to provide base URL from ``Resolver.resolve_string()``.
  Patch by Michael van Tellingen.
  
  * GH191: More accurate float serialisation in ``objectify.FloatElement``.
  Patch by Holger Joukl.
  
  * LP1551797: Repair XSLT error logging. Patch by Marcus Brinkmann.

3.6.0 not secure

==================
  
  Features added
  --------------
  
  * GH187: Now supports (only) version 5.x and later of PyPy.
  Patch by Armin Rigo.
  
  * GH181: Direct support for ``.rnc`` files in `RelaxNG()` if ``rnc2rng``
  is installed.  Patch by Dirkjan Ochtman.
  
  Bugs fixed
  ----------
  
  * GH189: Static builds honour FTP proxy configurations when downloading
  the external libs.  Patch by Youhei Sakurai.
  
  * GH186: Soupparser failed to process entities in Python 3.x.
  Patch by Duncan Morris.
  
  * GH185: Rare encoding related ``TypeError`` on import was fixed.
  Patch by Petr Demin.

3.5.0 not secure

==================
  
  Bugs fixed
  ----------
  
  * Unicode string results failed XPath queries in PyPy.
  
  * LP1497051: HTML target parser failed to terminate on exceptions
  and continued parsing instead.
  
  * Deprecated API usage in doctestcompare.

3.5.0b1 not secure

====================
  
  Features added
  --------------
  
  * ``cleanup_namespaces()`` accepts a new argument ``keep_ns_prefixes``
  that does not remove definitions of the provided prefix-namespace
  mapping from the tree.
  
  * ``cleanup_namespaces()`` accepts a new argument ``top_nsmap`` that
  moves definitions of the provided prefix-namespace mapping to the
  top of the tree.
  
  * LP1490451: ``Element`` objects gained a ``cssselect()`` method as
  known from ``lxml.html``.  Patch by Simon Sapin.
  
  * API functions and methods behave and look more like Python functions,
  which allows introspection on them etc.  One side effect to be aware of
  is that the functions now bind as methods when assigned to a class
  variable.  A quick fix is to wrap them in ``staticmethod()`` (as for
  normal Python functions).
  
  * ISO-Schematron support gained an option ``error_finder`` that allows
  passing a filter function for picking validation errors from reports.
  
  * LP1243600: Elements in ``lxml.html`` gained a ``classes`` property
  that provides a set-like interface to the ``class`` attribute.
  Original patch by masklinn.
  
  * LP1341964: The soupparser now handles DOCTYPE declarations, comments
  and processing instructions outside of the root element.
  Patch by Olli Pottonen.
  
  * LP1421512: The ``docinfo`` of a tree was made editable to allow
  setting and removing the public ID and system ID of the DOCTYPE.
  Patch by Olli Pottonen.
  
  * LP1442427: More work-arounds for quirks and bugs in pypy and pypy3.
  
  * ``lxml.html.soupparser`` now uses BeautifulSoup version 4 instead
  of version 3 if available.
  
  Bugs fixed
  ----------
  
  * Memory errors that occur during tree adaptations (e.g. moving subtrees
  to foreign documents) could leave the tree in a crash prone state.
  
  * Calling ``process_children()`` in an XSLT extension element without
  an ``output_parent`` argument failed with a ``TypeError``.
  Fix by Jens Tröger.
  
  * GH162: Image data in HTML ``data`` URLs is considered safe and
  no longer removed by ``lxml.html.clean`` JavaScript cleaner.
  
  * GH166: Static build could link libraries in wrong order.
  
  * GH172: Rely a bit more on libxml2 for encoding detection rather than
  rolling our own in some cases.  Patch by Olli Pottonen.
  
  * GH159: Validity checks for names and string content were tightened
  to detect the use of illegal characters early.  Patch by Olli Pottonen.
  
  * LP1421921: Comments/PIs before the DOCTYPE declaration were not
  serialised.  Patch by Olli Pottonen.
  
  * LP659367: Some HTML DOCTYPE declarations were not serialised.
  Patch by Olli Pottonen.
  
  * LP1238503: lxml.doctestcompare is now consistent with stdlib's doctest
  in how it uses ``+`` and ``-`` to refer to unexpected and missing output.
  
  * Empty prefixes are explicitly rejected when a namespace mapping is used
  with ElementPath to avoid hiding bugs in user code.
  
  * Several problems with PyPy were fixed by switching to Cython 0.23.

3.4.4 not secure

==================
  
  Bugs fixed
  ----------
  
  * An ElementTree compatibility test added in lxml 3.4.3 that failed in
  Python 3.4+ was removed again.

3.4.3 not secure

==================
  
  Bugs fixed
  ----------
  
  * Expression cache in ElementPath was ignored.  Fix by Changaco.
  
  * LP1426868: Passing a default namespace and a prefixed namespace mapping
  as nsmap into ``xmlfile.element()`` raised a ``TypeError``.
  
  * LP1421927: DOCTYPE system URLs were incorrectly quoted when containing
  double quotes.  Patch by Olli Pottonen.
  
  * LP1419354: meta-redirect URLs were incorrectly processed by
  ``iterlinks()`` if preceded by whitespace.

3.4.2 not secure

==================
  
  Bugs fixed
  ----------
  
  * LP1415907: Crash when creating an XMLSchema from a non-root element
  of an XML document.
  
  * LP1369362: HTML cleaning failed when hitting processing instructions
  with pseudo-attributes.
  
  * ``CDATA()`` wrapped content was rejected for tail text.
  
  * CDATA sections were not serialised as tail text of the top-level element.

3.4.1 not secure

==================
  
  Features added
  --------------
  
  * New ``htmlfile`` HTML generator to accompany the incremental ``xmlfile``
  serialisation API.  Patch by Burak Arslan.
  
  Bugs fixed
  ----------
  
  * ``lxml.sax.ElementTreeContentHandler`` did not initialise its superclass.

3.4.0 not secure

==================
  
  Features added
  --------------
  
  * ``xmlfile(buffered=False)`` disables output buffering and flushes the
  content after each API operation (starting/ending element blocks or writes).
  A new method ``xf.flush()`` can alternatively be used to explicitly flush
  the output.
  
  * ``lxml.html.document_fromstring`` has a new option ``ensure_head_body=True``
  which will add an empty head and/or body element to the result document if
  missing.
  
  * ``lxml.html.iterlinks`` now returns links inside meta refresh tags.
  
  * New ``XMLParser`` option ``collect_ids=False`` to disable ID hash table
  creation.  This can substantially speed up parsing of documents with many
  different IDs that are not used.
  
  * The parser uses per-document hash tables for XML IDs.  This reduces the
  load of the global parser dict and speeds up parsing for documents with
  many different IDs.
  
  * ``ElementTree.getelementpath(element)`` returns a structural ElementPath
  expression for the given element, which can be used for lookups later.
  
  * ``xmlfile()`` accepts a new argument ``close=True`` to close file(-like)
  objects after writing to them.  Before, ``xmlfile()`` only closed the file
  if it had opened it internally.
  
  * Allow "bytearray" type for ASCII text input.
  
  Bugs fixed
  ----------
  
  Other changes
  -------------
  
  * LP400588: decoding errors have become hard errors even in recovery mode.
  Previously, they could lead to an internal tree representation in a mixed
  encoding state, which lead to very late errors or even silently incorrect
  behaviour during tree traversal or serialisation.
  
  * Requires Python 2.6, 2.7, 3.2 or later. No longer supports
  Python 2.4, 2.5 and 3.1, use lxml 3.3.x for those.
  
  * Requires libxml2 2.7.0 or later and libxslt 1.1.23 or later,
  use lxml 3.3.x with older versions.

3.3.6 not secure

==================
  
  Bugs fixed
  ----------
  
  * Prevent tree cycle creation when adding Elements as siblings.
  
  * LP1361948: crash when deallocating Element siblings without parent.
  
  * LP1354652: crash when traversing internally loaded documents in XSLT
  extension functions.

3.3.5 not secure

==================
  
  Bugs fixed
  ----------
  
  * HTML cleaning could fail to strip javascript links that mix control
  characters into the link scheme.

3.3.4 not secure

==================
  
  Features added
  --------------
  
  * Source line numbers above 65535 are available on Elements when
  using libxml2 2.9 or later.
  
  Bugs fixed
  ----------
  
  * ``lxml.html.fragment_fromstring()`` failed for bytes input in Py3.
  
  Other changes
  -------------

3.3.3 not secure

==================
  
  Bugs fixed
  ----------
  
  * LP1287118: Crash when using Element subtypes with ``__slots__``.
  
  Other changes
  -------------
  
  * The internal classes ``_LogEntry`` and ``_Attrib`` can no longer be
  subclassed from Python code.

3.3.2 not secure

==================
  
  Bugs fixed
  ----------
  
  * The properties ``resolvers`` and ``version``, as well as the methods
  ``set_element_class_lookup()`` and ``makeelement()``, were lost from
  ``iterparse`` objects in 3.3.0.
  
  * LP1222132: instances of ``XMLSchema``, ``Schematron`` and ``RelaxNG``
  did not clear their local ``error_log`` before running a validation.
  
  * LP1238500: lxml.doctestcompare mixed up "expected" and "actual" in
  attribute values.
  
  * Some file I/O tests were failing in MS-Windows due to non-portable temp
  file usage.  Initial patch by Gabi Davar.
  
  * LP910014: duplicate IDs in a document were not reported by DTD validation.
  
  * LP1185332: ``tostring(method="html")`` did not use HTML serialisation
  semantics for trailing tail text.  Initial patch by Sylvain Viollon.
  
  * LP1281139: ``.attrib`` value of Comments lost its mutation methods
  in 3.3.0.  Even though it is empty and immutable, it should still
  provide the same interface as that returned for Elements.

3.3.1 not secure

==================
  
  Features added
  --------------
  
  Bugs fixed
  ----------
  
  * LP1014290: HTML documents parsed with ``parser.feed()`` failed to find
  elements during tag iteration.
  
  * LP1273709: Building in PyPy failed due to missing support for
  ``PyUnicode_Compare()`` and ``PyByteArray_*()`` in PyPy's C-API.
  
  * LP1274413: Compilation in MSVC failed due to missing "stdint.h" standard
  header file.
  
  * LP1274118: iterparse() failed to parse BOM prefixed files.
  
  Other changes
  -------------

3.3.0 not secure

==================
  
  Features added
  --------------
  
  Bugs fixed
  ----------
  
  * The heuristic that distinguishes file paths from URLs was tightened
  to produce less false negatives.
  
  Other changes
  -------------

3.3.0beta5 not secure

=======================
  
  Features added
  --------------
  
  * The PEP 393 unicode parsing support gained a fallback for wchar strings
  which might still be somewhat common on Windows systems.
  
  Bugs fixed
  ----------
  
  * Several error handling problems were fixed throughout the code base that
  could previously lead to exceptions being silently swallowed or not
  properly reported.
  
  * The C-API function ``appendChild()`` is now deprecated as it does not
  propagate exceptions (its return type is ``void``).  The new function
  ``appendChildToElement()`` was added as a safe replacement.
  
  * Passing a string into ``fromstringlist()`` raises an exception instead of
  parsing the string character by character.
  
  Other changes
  -------------
  
  * Document cleanup code was simplified using the new GC features in
  Cython 0.20.

3.3.0beta4 not secure

=======================
  
  Features added
  --------------
  
  Bugs fixed
  ----------
  
  * The (empty) value returned by the ``attrib`` property of Entity and Comment
  objects was mutable.
  
  * Element class lookup wasn't available for the new pull parsers or when using
  a custom parser target.
  
  * Setting Element attributes on instantiation with both the ``attrib`` argument
  and keyword arguments could modify the mapping passed as ``attrib``.
  
  * LP1266171: DTDs instantiated from internal/external subsets (i.e. through
  the docinfo property) lost their attribute declarations.
  
  Other changes
  -------------
  
  * Built with Cython 0.20pre (gitrev 012ae82eb) to prepare support for
  Python 3.4.

3.3.0beta3 not secure

=======================
  
  Features added
  --------------
  
  * Unicode string parsing was optimised for Python 3.3 (PEP 393).
  
  Bugs fixed
  ----------
  
  * HTML parsing of Unicode strings could misdecode the input on some platforms.
  
  * Crash in xmlfile() when closing open elements out of order in an error case.
  
  Other changes
  -------------

3.3.0beta2 not secure

=======================
  
  Features added
  --------------
  
  * ``iterparse()`` supports the ``recover`` option.
  
  Bugs fixed
  ----------
  
  * Crash in ``iterparse()`` for HTML parsing.
  
  * Crash in target parsing with attributes.
  
  Other changes
  -------------
  
  * The safety check in the read-only tree implementation (e.g. used by
  ``PythonElementClassLookup``) raises a more appropriate ``ReferenceError``
  for illegal access after tree disposal instead of an ``AssertionError``.
  This should only impact test code that specifically checks the original
  behaviour.

3.3.0beta1 not secure

=======================
  
  Features added
  --------------
  
  * New option ``handle_failures`` in ``make_links_absolute()`` and
  ``resolve_base_href()`` (lxml.html) that enables ignoring or
  discarding links that fail to parse as URLs.
  
  * New parser classes ``XMLPullParser`` and ``HTMLPullParser`` for
  incremental parsing, as implemented for ElementTree in Python 3.4.
  
  * ``iterparse()`` enables recovery mode by default for HTML parsing
  (``html=True``).
  
  Bugs fixed
  ----------
  
  * LP1255132: crash when trying to run validation over non-Element (e.g.
  comment or PI).
  
  * Error messages in the log and in exception messages that originated
  from libxml2 could accidentally be picked up from preceding warnings
  instead of the actual error.
  
  * The ``ElementMaker`` in lxml.objectify did not accept a dict as
  argument for adding attributes to the element it's building. This
  works as in lxml.builder now.
  
  * LP1228881: ``repr(XSLTAccessControl)`` failed in Python 3.
  
  * Raise ``ValueError`` when trying to append an Element to itself or
  to one of its own descendants, instead of running into an infinite
  loop.
  
  * LP1206077: htmldiff discarded whitespace from the output.
  
  * Compressed plain-text serialisation to file-like objects was broken.
  
  * lxml.html.formfill: Fix textarea form filling.
  The textarea used to be cleared before the new content was set,
  which removed the name attribute.
  
  
  Other changes
  -------------
  
  * Some basic API classes use freelists internally for faster
  instantiation.  This can speed up some ``iterparse()`` scenarios,
  for example.
  
  * ``iterparse()`` was rewritten to use the new ``*PullParser``
  classes internally instead of being a parser itself.

3.2.5 not secure

==================
  
  Features added
  --------------
  
  Bugs fixed
  ----------
  
  * Crash in xmlfile() when closing open elements out of order in an error case.
  
  * Crash in target parsing with attributes.
  
  * LP1255132: crash when trying to run validation over non-Element (e.g.
  comment or PI).
  
  Other changes
  -------------

3.2.4 not secure

==================
  
  Features added
  --------------
  
  Bugs fixed
  ----------
  
  * Memory leak when creating an XPath evaluator in a thread.
  
  * LP1228881: ``repr(XSLTAccessControl)`` failed in Python 3.
  
  * Raise ``ValueError`` when trying to append an Element to itself or
  to one of its own descendants.
  
  * LP1206077: htmldiff discarded whitespace from the output.
  
  * Compressed plain-text serialisation to file-like objects was broken.
  
  Other changes
  -------------

3.2.3 not secure

==================
  
  Bugs fixed
  ----------
  
  * Fix support for Python 2.4 which was lost in 3.2.2.

3.2.2 not secure

==================
  
  Features added
  --------------
  
  Bugs fixed
  ----------
  
  * LP1185701: spurious XMLSyntaxError after finishing iterparse().
  
  * Crash in lxml.objectify during xsi annotation.
  
  Other changes
  -------------
  
  * Return values of user provided element class lookup methods are now
  validated against the type of the XML node they represent to prevent
  API class mismatches.

3.2.1 not secure

==================
  
  Features added
  --------------
  
  * The methods ``apply_templates()`` and ``process_children()`` of XSLT
  extension elements have gained two new boolean options ``elements_only``
  and ``remove_blank_text`` that discard either all strings or whitespace-only
  strings from the result list.
  
  Bugs fixed
  ----------
  
  * When moving Elements to another tree, the namespace cleanup mechanism
  no longer drops namespace prefixes from attributes for which it finds
  a default namespace declaration, to prevent them from appearing as
  unnamespaced attributes after serialisation.
  
  * Returning non-type objects from a custom class lookup method could lead
  to a crash.
  
  * Instantiating and using subtypes of Comments and ProcessingInstructions
  crashed.
  
  Other changes
  -------------

3.2.0 not secure

==================
  
  Features added
  --------------
  
  Bugs fixed
  ----------
  
  * LP690319: Leading whitespace could change the behaviour of the string
  parsing functions in ``lxml.html``.
  
  * LP599318: The string parsing functions in ``lxml.html`` are more robust
  in the face of uncommon HTML content like framesets or missing body tags.
  Patch by Stefan Seelmann.
  
  * LP712941: I/O errors while trying to access files with paths that contain
  non-ASCII characters could raise ``UnicodeDecodeError`` instead of properly
  reporting the ``IOError``.
  
  * LP673205: Parsing from in-memory strings disabled network access in the
  default parser and made subsequent attempts to parse from a URL fail.
  
  * LP971754: lxml.html.clean appends 'nofollow' to 'rel' attributes instead
  of overwriting the current value.
  
  * LP715687: lxml.html.clean no longer discards scripts that are explicitly
  allowed by the user provided whitelist.  Patch by Christine Koppelt.
  
  Other changes
  -------------

3.1.2 not secure

==================
  
  Features added
  --------------
  
  Bugs fixed
  ----------
  
  * LP1136509: Passing attributes through the namespace-unaware API of
  the sax bridge (i.e. the ``handler.startElement()`` method) failed
  with a ``TypeError``.  Patch by Mike Bayer.
  
  * LP1123074: Fix serialisation error in XSLT output when converting
  the result tree to a Unicode string.
  
  * GH105: Replace illegal usage of ``xmlBufLength()`` in libxml2 2.9.0
  by properly exported API function ``xmlBufUse()``.
  
  Other changes
  -------------

3.1.1 not secure

==================
  
  Features added
  --------------
  
  Bugs fixed
  ----------
  
  * LP1160386: Write access to ``lxml.html.FormElement.fields`` raised
  an AttributeError in Py3.
  
  * Illegal memory access during cleanup in incremental xmlfile writer.
  
  Other changes
  -------------
  
  * The externally useless class ``lxml.etree._BaseParser`` was removed
  from the module dict.

3.1.0 not secure

==================
  
  Features added
  --------------
  
  * GH89: lxml.html.clean allows overriding the set of attributes that it
  considers 'safe'.  Patch by Francis Devereux.
  
  Bugs fixed
  ----------
  
  * LP1104370: ``copy.copy(el.attrib)`` raised an exception.  It now returns
  a copy of the attributes as a plain Python dict.
  
  * GH95: When used with namespace prefixes, the  ``el.find*()`` methods
  always used the first namespace mapping that was provided for each
  path expression instead of using the one that was actually passed
  in for the current run.
  
  * LP1092521, GH91: Fix undefined C symbol in Python runtimes compiled
  without threading support.  Patch by Ulrich Seidl.
  
  Other changes
  -------------

3.1beta1 not secure

=====================
  
  Features added
  --------------
  
  * New build-time option ``--with-unicode-strings`` for Python 2 that
  makes the API always return Unicode strings for names and text
  instead of byte strings for plain ASCII content.
  
  * New incremental XML file writing API ``etree.xmlfile()``.
  
  * E factory in lxml.objectify is callable to simplify the creation of
  tags with non-identifier names without having to resort to getattr().
  
  Bugs fixed
  ----------
  
  * When starting from a non-namespaced element in lxml.objectify, searching
  for a child without explicitly specifying a namespace incorrectly found
  namespaced elements with the requested local name, instead of restricting
  the search to non-namespaced children.
  
  * GH85: Deprecation warnings were fixed for Python 3.x.
  
  * GH33: lxml.html.fromstring() failed to accept bytes input in Py3.
  
  * LP1080792: Static build of libxml2 2.9.0 failed due to missing file.
  
  Other changes
  -------------
  
  * The externally useless class ``_ObjectifyElementMakerCaller`` was
  removed from the module API of lxml.objectify.
  
  * LP1075622: lxml.builder is faster for adding text to elements with
  many children.  Patch by Anders Hammarquist.

3.0.2 not secure

==================
  
  Features added
  --------------
  
  Bugs fixed
  ----------
  
  * Fix crash during interpreter shutdown by switching to Cython 0.17.3 for building.
  
  Other changes
  -------------

3.0.1 not secure

==================
  
  Features added
  --------------
  
  Bugs fixed
  ----------
  
  * LP1065924: Element proxies could disappear during garbage collection
  in PyPy without proper cleanup.
  
  * GH71: Failure to work with libxml2 2.6.x.
  
  * LP1065139: static MacOS-X build failed in Py3.
  
  Other changes
  -------------

3.0 not secure

================
  
  Features added
  --------------
  
  Bugs fixed
  ----------
  
  * End-of-file handling was incorrect in iterparse() when reading from
  a low-level C file stream and failed in libxml2 2.9.0 due to its
  improved consistency checks.
  
  Other changes
  -------------
  
  * The build no longer uses Cython by default unless the generated C files
  are missing.  To use Cython, pass the option "--with-cython".  To ignore
  the fatal build error when Cython is required but not available (e.g. to
  run special setup.py commands that do not actually run a build), pass
  "--without-cython".

3.0beta1

=====================
  
  Features added
  --------------
  
  * Python level access to (optional) libxml2 memory debugging features
  to simplify debugging of memory leaks etc.
  
  Bugs fixed
  ----------
  
  * Fix a memory leak in XPath by switching to Cython 0.17.1.
  
  * Some tests were adapted to work with PyPy.
  
  Other changes
  -------------
  
  * The code was adapted to work with the upcoming libxml2 2.9.0 release.

3.0alpha2

======================
  
  Features added
  --------------
  
  * The ``.iter()`` method of elements now accepts ``tag`` arguments like
  ``"{*}name"`` to search for elements with a given local name in any
  namespace. With this addition, all combinations of wildcards now work
  as expected:
  ``"{ns}name"``, ``"{}name"``, ``"{*}name"``, ``"{ns}*"``, ``"{}*"``
  and ``"{*}*"``.  Note that ``"name"`` is equivalent to ``"{}name"``,
  but ``"*"`` is ``"{*}*"``.
  The same change applies to the ``.getiterator()``, ``.itersiblings()``,
  ``.iterancestors()``, ``.iterdescendants()``, ``.iterchildren()``
  and ``.itertext()`` methods;the ``strip_attributes()``,
  ``strip_elements()`` and ``strip_tags()`` functions as well as the
  ``iterparse()`` class.  Patch by Simon Sapin.
  
  * C14N allows specifying the inclusive prefixes to be promoted
  to top-level during exclusive serialisation.
  
  Bugs fixed
  ----------
  
  * Passing long Unicode strings into the ``feed()`` parser interface
  failed to read the entire string.
  
  Other changes
  -------------

3.0alpha1

======================
  
  Features added
  --------------
  
  * Initial support for building in PyPy (through cpyext).
  
  * DTD objects gained an API that allows read access to their
  declarations.
  
  * ``xpathgrep.py`` gained support for parsing line-by-line (e.g.
  from grep output) and for surrounding the output with a new root
  tag.
  
  * ``E-factory`` in ``lxml.builder`` accepts subtypes of known data
  types (such as string subtypes) when building elements around them.
  
  * Tree iteration and ``iterparse()`` with a selective ``tag``
  argument supports passing a set of tags.  Tree nodes will be
  returned by the iterators if they match any of the tags.
  
  Bugs fixed
  ----------
  
  * The ``.find*()`` methods in ``lxml.objectify`` no longer use XPath
  internally, which makes them faster in many cases (especially when
  short circuiting after a single or couple of elements) and fixes
  some behavioural differences compared to ``lxml.etree``.  Note that
  this means that they no longer support arbitrary XPath expressions
  but only the subset that the ``ElementPath`` language supports.
  The previous implementation was also redundant with the normal
  XPath support, which can be used as a replacement.
  
  * ``el.find('*')`` could accidentally return a comment or processing
  instruction that happened to be in the wrong spot.  (Same for the
  other ``.find*()`` methods.)
  
  * The error logging is less intrusive and avoids a global setup where
  possible.
  
  * Fixed undefined names in html5lib parser.
  
  * ``xpathgrep.py`` did not work in Python 3.
  
  * ``Element.attrib.update()`` did not accept an ``attrib`` of
  another Element as parameter.
  
  * For subtypes of ``ElementBase`` that make the ``.text`` or ``.tail``
  properties immutable (as in objectify, for example), inserting text
  when creating Elements through the E-Factory feature of the class
  constructor would fail with an exception, stating that the text
  cannot be modified.
  
  Other changes
  --------------
  
  * The code base was overhauled to properly use 'const' where the API
  of libxml2 and libxslt requests it.  This also has an impact on the
  public C-API of lxml itself, as defined in ``etreepublic.pxd``, as
  well as the provided declarations in the ``lxml/includes/`` directory.
  Code that uses these declarations may have to be adapted.  On the
  plus side, this fixes several C compiler warnings, also for user
  code, thus making it easier to spot real problems again.
  
  * The functionality of "lxml.cssselect" was moved into a separate PyPI
  package called "cssselect".  To continue using it, you must install
  that package separately.  The "lxml.cssselect" module is still
  available and provides the same interface, provided the "cssselect"
  package can be imported at runtime.
  
  * Element attributes passed in as an ``attrib`` dict or as keyword
  arguments are now sorted by (namespaced) name before being created
  to make their order predictable for serialisation and iteration.
  Note that adding or deleting attributes afterwards does not take
  that order into account, i.e. setting a new attribute appends it
  after the existing ones.
  
  * Several classes that are for internal use only were removed
  from the ``lxml.etree`` module dict:
  ``_InputDocument, _ResolverRegistry, _ResolverContext, _BaseContext,
  _ExsltRegExp, _IterparseContext, _TempStore, _ExceptionContext,
  __ContentOnlyElement, _AttribIterator, _NamespaceRegistry,
  _ClassNamespaceRegistry, _FunctionNamespaceRegistry,
  _XPathFunctionNamespaceRegistry, _ParserDictionaryContext,
  _FileReaderContext, _ParserContext, _PythonSaxParserTarget,
  _TargetParserContext, _ReadOnlyProxy, _ReadOnlyPIProxy,
  _ReadOnlyEntityProxy, _ReadOnlyElementProxy, _OpaqueNodeWrapper,
  _OpaqueDocumentWrapper, _ModifyContentOnlyProxy,
  _ModifyContentOnlyPIProxy, _ModifyContentOnlyEntityProxy,
  _AppendOnlyElementProxy, _SaxParserContext, _FilelikeWriter,
  _ParserSchemaValidationContext, _XPathContext,
  _XSLTResolverContext, _XSLTContext, _XSLTQuotedStringParam``
  
  * Several internal classes can no longer be inherited from:
  ``_InputDocument, _ResolverRegistry, _ExsltRegExp, _ElementUnicodeResult,
  _IterparseContext, _TempStore, _AttribIterator, _ClassNamespaceRegistry,
  _XPathFunctionNamespaceRegistry, _ParserDictionaryContext,
  _FileReaderContext, _PythonSaxParserTarget, _TargetParserContext,
  _ReadOnlyPIProxy, _ReadOnlyEntityProxy, _OpaqueDocumentWrapper,
  _ModifyContentOnlyPIProxy, _ModifyContentOnlyEntityProxy,
  _AppendOnlyElementProxy, _FilelikeWriter, _ParserSchemaValidationContext,
  _XPathContext, _XSLTResolverContext, _XSLTContext, _XSLTQuotedStringParam,
  _XSLTResultTree, _XSLTProcessingInstruction``

2.3.6 not secure

==================
  
  Features added
  --------------
  
  Bugs fixed
  ----------
  
  * Passing long Unicode strings into the ``feed()`` parser interface
  failed to read the entire string.
  
  Other changes
  --------------

2.3.5 not secure

==================
  
  Features added
  --------------
  
  Bugs fixed
  ----------
  
  * Crash when merging text nodes in ``element.remove()``.
  
  * Crash in sax/target parser when reporting empty doctype.
  
  Other changes
  --------------

2.3.4 not secure

==================
  
  Features added
  --------------
  
  Bugs fixed
  ----------
  
  * Crash when building an nsmap (Element property) with empty
  namespace URIs.
  
  * Crash due to race condition when errors (or user messages) occur
  during threaded XSLT processing.
  
  * XSLT stylesheet compilation could ignore compilation errors.
  
  Other changes
  --------------

2.3.3 not secure

==================
  
  Features added
  --------------
  
  * ``lxml.html.tostring()`` gained new serialisation options
  ``with_tail`` and ``doctype``.
  
  Bugs fixed
  ----------
  
  * Fixed a crash when using ``iterparse()`` for HTML parsing and
  requesting start events.
  
  * Fixed parsing of more selectors in cssselect.  Whitespace before
  pseudo-elements and pseudo-classes is significant as it is a
  descendant combinator.
  "E :pseudo" should parse the same as "E \*:pseudo", not "E:pseudo".
  Patch by Simon Sapin.
  
  * lxml.html.diff no longer raises an exception when hitting
  'img' tags without 'src' attribute.
  
  Other changes
  --------------

2.3.2 not secure

==================
  
  Features added
  --------------
  
  * ``lxml.objectify.deannotate()`` has a new boolean option
  ``cleanup_namespaces`` to remove the objectify namespace
  declarations (and generally clean up the namespace declarations)
  after removing the type annotations.
  
  * ``lxml.objectify`` gained its own ``SubElement()`` function as a
  copy of ``etree.SubElement`` to avoid an otherwise redundant import
  of ``lxml.etree`` on the user side.
  
  Bugs fixed
  ----------
  
  * Fixed the "descendant" bug in cssselect a second time (after a first
  fix in lxml 2.3.1).  The previous change resulted in a serious
  performance regression for the XPath based evaluation of the
  translated expression.  Note that this breaks the usage of some of
  the generated XPath expressions as XSLT location paths that
  previously worked in 2.3.1.
  
  * Fixed parsing of some selectors in cssselect. Whitespace after combinators
  ">", "+" and "~" is now correctly ignored. Previously it was parsed as
  a descendant combinator. For example, "div> .foo" was parsed the same as
  "div>* .foo" instead of "div>.foo". Patch by Simon Sapin.
  
  Other changes
  --------------

2.3.1 not secure

==================
  
  Features added
  --------------
  
  * New option ``kill_tags`` in ``lxml.html.clean`` to remove specific
  tags and their content (i.e. their whole subtree).
  
  * ``pi.get()`` and ``pi.attrib`` on processing instructions to parse
  pseudo-attributes from the text content of processing instructions.
  
  * ``lxml.get_include()`` returns a list of include paths that can be
  used to compile external C code against lxml.etree.  This is
  specifically required for statically linked lxml builds when code
  needs to compile against the exact same header file versions as lxml
  itself.
  
  * ``Resolver.resolve_file()`` takes an additional option
  ``close_file`` that configures if the file(-like) object will be
  closed after reading or not.  By default, the file will be closed,
  as the user is not expected to keep a reference to it.
  
  Bugs fixed
  ----------
  
  * HTML cleaning didn't remove 'data:' links.
  
  * The html5lib parser integration now uses the 'official'
  implementation in html5lib itself, which makes it work with newer
  releases of the library.
  
  * In ``lxml.sax``, ``endElementNS()`` could incorrectly reject a plain
  tag name when the corresponding start event inferred the same plain
  tag name to be in the default namespace.
  
  * When an open file-like object is passed into ``parse()`` or
  ``iterparse()``, the parser will no longer close it after use.  This
  reverts a change in lxml 2.3 where all files would be closed.  It is
  the users responsibility to properly close the file(-like) object,
  also in error cases.
  
  * Assertion error in lxml.html.cleaner when discarding top-level elements.
  
  * In lxml.cssselect, use the xpath 'A//B' (short for
  'A/descendant-or-self::node()/B') instead of 'A/descendant::B' for
  the css descendant selector ('A B').  This makes a few edge cases
  like ``"div *:last-child"`` consistent with the selector behavior in
  WebKit and Firefox, and makes more css expressions valid location
  paths (for use in xsl:template match).
  
  * In lxml.html, non-selected ``<option>`` tags no longer show up in the
  collected form values.
  
  * Adding/removing ``<option>`` values to/from a multiple select form
  field properly selects them and unselects them.
  
  Other changes
  --------------
  
  * Static builds can specify the download directory with the
  ``--download-dir`` option.

2.3 not secure

================
  
  Features added
  --------------
  
  * When looking for children, ``lxml.objectify`` takes '{}tag' as
  meaning an empty namespace, as opposed to the parent namespace.
  
  Bugs fixed
  ----------
  
  * When finished reading from a file-like object, the parser
  immediately calls its ``.close()`` method.
  
  * When finished parsing, ``iterparse()`` immediately closes the input
  file.
  
  * Work-around for libxml2 bug that can leave the HTML parser in a
  non-functional state after parsing a severely broken document (fixed
  in libxml2 2.7.8).
  
  * ``marque`` tag in HTML cleanup code is correctly named ``marquee``.
  
  Other changes
  --------------
  
  * Some public functions in the Cython-level C-API have more explicit
  return types.

2.3beta1 not secure

=====================
  
  Features added
  --------------
  
  Bugs fixed
  ----------
  
  * Crash in newer libxml2 versions when moving elements between
  documents that had attributes on replaced XInclude nodes.
  
  * ``XMLID()`` function was missing the optional ``parser`` and
  ``base_url`` parameters.
  
  * Searching for wildcard tags in ``iterparse()`` was broken in Py3.
  
  * ``lxml.html.open_in_browser()`` didn't work in Python 3 due to the
  use of os.tempnam.  It now takes an optional 'encoding' parameter.
  
  Other changes
  --------------

2.3alpha2 not secure

======================
  
  Features added
  --------------
  
  Bugs fixed
  ----------
  
  * Crash in XSLT when generating text-only result documents with a
  stylesheet created in a different thread.
  
  Other changes
  --------------
  
  * ``repr()`` of Element objects shows the hex ID with leading 0x
  (following ElementTree 1.3).

2.3alpha1 not secure

======================
  
  Features added
  --------------
  
  * Keyword argument ``namespaces`` in ``lxml.cssselect.CSSSelector()``
  to pass a prefix-to-namespace mapping for the selector.
  
  * New function ``lxml.etree.register_namespace(prefix, uri)`` that
  globally registers a namespace prefix for a namespace that newly
  created Elements in that namespace will use automatically.  Follows
  ElementTree 1.3.
  
  * Support 'unicode' string name as encoding parameter in
  ``tostring()``, following ElementTree 1.3.
  
  * Support 'c14n' serialisation method in ``ElementTree.write()`` and
  ``tostring()``, following ElementTree 1.3.
  
  * The ElementPath expression syntax (``el.find*()``) was extended to
  match the upcoming ElementTree 1.3 that will ship in the standard
  library of Python 3.2/2.7.  This includes extended support for
  predicates as well as namespace prefixes (as known from XPath).
  
  * During regular XPath evaluation, various ESXLT functions are
  available within their namespace when using libxslt 1.1.26 or later.
  
  * Support passing a readily configured logger instance into
  ``PyErrorLog``, instead of a logger name.
  
  * On serialisation, the new ``doctype`` parameter can be used to
  override the DOCTYPE (internal subset) of the document.
  
  * New parameter ``output_parent`` to ``XSLTExtension.apply_templates()``
  to append the resulting content directly to an output element.
  
  * ``XSLTExtension.process_children()`` to process the content of the
  XSLT extension element itself.
  
  * ISO-Schematron support based on the de-facto Schematron reference
  'skeleton implementation'.
  
  * XSLT objects now take XPath object as ``__call__`` stylesheet
  parameters.
  
  * Enable path caching in ElementPath (``el.find*()``) to avoid parsing
  overhead.
  
  * Setting the value of a namespaced attribute always uses a prefixed
  namespace instead of the default namespace even if both declare the
  same namespace URI.  This avoids serialisation problems when an
  attribute from a default namespace is set on an element from a
  different namespace.
  
  * XSLT extension elements: support for XSLT context nodes other than
  elements: document root, comments, processing instructions.
  
  * Support for strings (in addition to Elements) in node-sets returned
  by extension functions.
  
  * Forms that lack an ``action`` attribute default to the base URL of
  the document on submit.
  
  * XPath attribute result strings have an ``attrname`` property.
  
  * Namespace URIs get validated against RFC 3986 at the API level
  (required by the XML namespace specification).
  
  * Target parsers show their target object in the ``.target`` property
  (compatible with ElementTree).
  
  Bugs fixed
  ----------
  
  * API is hardened against invalid proxy instances to prevent crashes
  due to incorrectly instantiated Element instances.
  
  * Prevent crash when instantiating ``CommentBase`` and friends.
  
  * Export ElementTree compatible XML parser class as
  ``XMLTreeBuilder``, as it is called in ET 1.2.
  
  * ObjectifiedDataElements in lxml.objectify were not hashable.  They
  now use the hash value of the underlying Python value (string,
  number, etc.) to which they compare equal.
  
  * Parsing broken fragments in lxml.html could fail if the fragment
  contained an orphaned closing '</div>' tag.
  
  * Using XSLT extension elements around the root of the output document
  crashed.
  
  * ``lxml.cssselect`` did not distinguish between ``x[attr="val"]`` and
  ``x [attr="val"]`` (with a space).  The latter now matches the
  attribute independent of the element.
  
  * Rewriting multiple links inside of HTML text content could end up
  replacing unrelated content as replacements could impact the
  reported position of subsequent matches.  Modifications are now
  simplified by letting the ``iterlinks()`` generator in ``lxml.html``
  return links in reversed order if they appear inside the same text
  node.  Thus, replacements and link-internal modifications no longer
  change the position of links reported afterwards.
  
  * The ``.value`` attribute of ``textarea`` elements in lxml.html did
  not represent the complete raw value (including child tags etc.). It
  now serialises the complete content on read and replaces the
  complete content by a string on write.
  
  * Target parser didn't call ``.close()`` on the target object if
  parsing failed.  Now it is guaranteed that ``.close()`` will be
  called after parsing, regardless of the outcome.
  
  Other changes
  -------------
  
  * Official support for Python 3.1.2 and later.
  
  * Static MS Windows builds can now download their dependencies
  themselves.
  
  * ``Element.attrib`` no longer uses a cyclic reference back to its
  Element object.  It therefore no longer requires the garbage
  collector to clean up.
  
  * Static builds include libiconv, in addition to libxml2 and libxslt.

2.2.8 not secure

==================
  
  Bugs fixed
  ----------
  
  * Crash in newer libxml2 versions when moving elements between
  documents that had attributes on replaced XInclude nodes.
  
  * Import fix for urljoin in Python 3.1+.

2.2.7 not secure

==================
  
  Bugs fixed
  ----------
  
  * Crash in XSLT when generating text-only result documents with a
  stylesheet created in a different thread.

2.2.6 not secure

==================
  
  Bugs fixed
  ----------
  
  * Fixed several Python 3 regressions by building with Cython 0.11.3.

2.2.5 not secure

==================
  
  Features added
  --------------
  
  * Support for running XSLT extension elements on the input root node
  (e.g. in a template matching on "/").
  
  Bugs fixed
  ----------
  
  * Crash in XPath evaluation when reading smart strings from a document
  other than the original context document.
  
  * Support recent versions of html5lib by not requiring its
  ``XHTMLParser`` in ``htmlparser.py`` anymore.
  
  * Manually instantiating the custom element classes in
  ``lxml.objectify`` could crash.
  
  * Invalid XML text characters were not rejected by the API when they
  appeared in unicode strings directly after non-ASCII characters.
  
  * lxml.html.open_http_urllib() did not work in Python 3.
  
  * The functions ``strip_tags()`` and ``strip_elements()`` in
  ``lxml.etree`` did not remove all occurrences of a tag in all cases.
  
  * Crash in XSLT extension elements when the XSLT context node is not
  an element.

2.2.4 not secure

==================
  
  Bugs fixed
  ----------
  
  * Static build of libxml2/libxslt was broken.

2.2.3 not secure

==================
  
  Features added
  --------------
  
  Bugs fixed
  ----------
  
  * The ``resolve_entities`` option did not work in the incremental feed
  parser.
  
  * Looking up and deleting attributes without a namespace could hit a
  namespaced attribute of the same name instead.
  
  * Late errors during calls to ``SubElement()`` (e.g. attribute related
  ones) could leave a partially initialised element in the tree.
  
  * Modifying trees that contain parsed entity references could result
  in an infinite loop.
  
  * ObjectifiedElement.__setattr__ created an empty-string child element when the
  attribute value was rejected as a non-unicode/non-ascii string
  
  * Syntax errors in ``lxml.cssselect`` could result in misleading error
  messages.
  
  * Invalid syntax in CSS expressions could lead to an infinite loop in
  the parser of ``lxml.cssselect``.
  
  * CSS special character escapes were not properly handled in
  ``lxml.cssselect``.
  
  * CSS Unicode escapes were not properly decoded in ``lxml.cssselect``.
  
  * Select options in HTML forms that had no explicit ``value``
  attribute were not handled correctly.  The HTML standard dictates
  that their value is defined by their text content.  This is now
  supported by lxml.html.
  
  * XPath raised a TypeError when finding CDATA sections.  This is now
  fully supported.
  
  * Calling ``help(lxml.objectify)`` didn't work at the prompt.
  
  * The ``ElementMaker`` in lxml.objectify no longer defines the default
  namespaces when annotation is disabled.
  
  * Feed parser failed to honour the 'recover' option on parse errors.
  
  * Diverting the error logging to Python's logging system was broken.
  
  Other changes
  -------------

2.2.2 not secure

==================
  
  Features added
  --------------
  
  * New helper functions ``strip_attributes()``, ``strip_elements()``,
  ``strip_tags()`` in lxml.etree to remove attributes/subtrees/tags
  from a subtree.
  
  Bugs fixed
  ----------
  
  * Namespace cleanup on subtree insertions could result in missing
  namespace declarations (and potentially crashes) if the element
  defining a namespace was deleted and the namespace was not used by
  the top element of the inserted subtree but only in deeper subtrees.
  
  * Raising an exception from a parser target callback didn't always
  terminate the parser.
  
  * Only {true, false, 1, 0} are accepted as the lexical representation for
  BoolElement ({True, False, T, F, t, f} not any more), restoring lxml <= 2.0
  behaviour.
  
  Other changes
  -------------

2.2.1 not secure

==================
  
  Features added
  --------------
  
  * Injecting default attributes into a document during XML Schema
  validation (also at parse time).
  
  * Pass ``huge_tree`` parser option to disable parser security
  restrictions imposed by libxml2 2.7.
  
  Bugs fixed
  ----------
  
  * The script for statically building libxml2 and libxslt didn't work
  in Py3.
  
  * ``XMLSchema()`` also passes invalid schema documents on to libxml2
  for parsing (which could lead to a crash before release 2.6.24).
  
  Other changes
  -------------

2.2 not secure

================
  
  Features added
  --------------
  
  * Support for ``standalone`` flag in XML declaration through
  ``tree.docinfo.standalone`` and by passing ``standalone=True/False``
  on serialisation.
  
  Bugs fixed
  ----------
  
  * Crash when parsing an XML Schema with external imports from a
  filename.

2.2beta4 not secure

=====================
  
  Features added
  --------------
  
  * Support strings and instantiable Element classes as child arguments
  to the constructor of custom Element classes.
  
  * GZip compression support for serialisation to files and file-like
  objects.
  
  Bugs fixed
  ----------
  
  * Deep-copying an ElementTree copied neither its sibling PIs and
  comments nor its internal/external DTD subsets.
  
  * Soupparser failed on broken attributes without values.
  
  * Crash in XSLT when overwriting an already defined attribute using
  ``xsl:attribute``.
  
  * Crash bug in exception handling code under Python 3.  This was due
  to a problem in Cython, not lxml itself.
  
  * ``lxml.html.FormElement._name()`` failed for non top-level forms.
  
  * ``TAG`` special attribute in constructor of custom Element classes
  was evaluated incorrectly.
  
  Other changes
  -------------
  
  * Official support for Python 3.0.1.
  
  * ``Element.findtext()`` now returns an empty string instead of None
  for Elements without text content.

2.2beta3 not secure

=====================
  
  Features added
  --------------
  
  * ``XSLT.strparam()`` class method to wrap quoted string parameters
  that require escaping.
  
  Bugs fixed
  ----------
  
  * Memory leak in XPath evaluators.
  
  * Crash when parsing indented XML in one thread and merging it with
  other documents parsed in another thread.
  
  * Setting the ``base`` attribute in ``lxml.objectify`` from a unicode
  string failed.
  
  * Fixes following changes in Python 3.0.1.
  
  * Minor fixes for Python 3.
  
  Other changes
  -------------
  
  * The global error log (which is copied into the exception log) is now
  local to a thread, which fixes some race conditions.
  
  * More robust error handling on serialisation.

2.2beta2 not secure

=====================
  
  Bugs fixed
  ----------
  
  * Potential memory leak on exception handling.  This was due to a
  problem in Cython, not lxml itself.
  
  * ``iter_links`` (and related link-rewriting functions) in
  ``lxml.html`` would interpret CSS like ``url("link")`` incorrectly
  (treating the quotation marks as part of the link).
  
  * Failing import on systems that have an ``io`` module.

2.2beta1 not secure

=====================
  
  Features added
  --------------
  
  * Allow ``lxml.html.diff.htmldiff`` to accept Element objects, not
  just HTML strings.
  
  Bugs fixed
  ----------
  
  * Crash when using an XPath evaluator in multiple threads.
  
  * Fixed missing whitespace before ``Link:...`` in ``lxml.html.diff``.
  
  Other changes
  -------------
  
  * Export ``lxml.html.parse``.

2.2alpha1 not secure

======================
  
  Features added
  --------------
  
  * Support for XSLT result tree fragments in XPath/XSLT extension
  functions.
  
  * QName objects have new properties ``namespace`` and ``localname``.
  
  * New options for exclusive C14N and C14N without comments.
  
  * Instantiating a custom Element classes creates a new Element.
  
  Bugs fixed
  ----------
  
  * XSLT didn't inherit the parse options of the input document.
  
  * 0-bytes could slip through the API when used inside of Unicode
  strings.
  
  * With ``lxml.html.clean.autolink``, links with balanced parenthesis,
  that end in a parenthesis, will be linked in their entirety (typical
  with Wikipedia links).
  
  Other changes
  -------------

2.1.5 not secure

==================
  
  Bugs fixed
  ----------
  
  * Potential memory leak on exception handling.  This was due to a
  problem in Cython, not lxml itself.
  
  * Failing import on systems that have an ``io`` module.

2.1.4 not secure

==================
  
  Bugs fixed
  ----------
  
  * Crash when using an XPath evaluator in multiple threads.

2.1.3 not secure

==================
  
  Features added
  --------------
  
  Bugs fixed
  ----------
  
  * Ref-count leaks when lxml enters a try-except statement while an
  outside exception lives in sys.exc_*(). This was due to a problem in
  Cython, not lxml itself.
  
  * Parser Unicode decoding errors could get swallowed by other
  exceptions.
  
  * Name/import errors in some Python modules.
  
  * Internal DTD subsets that did not specify a system or public ID were
  not serialised and did not appear in the docinfo property of
  ElementTrees.
  
  * Fix a pre-Py3k warning when parsing from a gzip file in Py2.6.
  
  * Test suite fixes for libxml2 2.7.
  
  * Resolver.resolve_string() did not work for non-ASCII byte strings.
  
  * Resolver.resolve_file() was broken.
  
  * Overriding the parser encoding didn't work for many encodings.
  
  Other changes
  -------------

2.1.2 not secure

==================
  
  Features added
  --------------
  
  * lxml.etree now tries to find the absolute path name of files when
  parsing from a file-like object.  This helps custom resolvers when
  resolving relative URLs, as lixbml2 can prepend them with the path
  of the source document.
  
  Bugs fixed
  ----------
  
  * Memory problem when passing documents between threads.
  
  * Target parser did not honour the ``recover`` option and raised an
  exception instead of calling ``.close()`` on the target.
  
  Other changes
  -------------

2.1.1 not secure

==================
  
  Features added
  --------------
  
  Bugs fixed
  ----------
  
  * Crash when parsing XSLT stylesheets in a thread and using them in
  another.
  
  * Encoding problem when including text with ElementInclude under
  Python 3.
  
  Other changes
  -------------

2.1 not secure

================
  
  Features added
  --------------
  
  * Smart strings can be switched off in XPath (``smart_strings``
  keyword option).
  
  * ``lxml.html.rewrite_links()`` strips links to work around documents
  with whitespace in URL attributes.
  
  Bugs fixed
  ----------
  
  * Custom resolvers were not used for XMLSchema includes/imports and
  XInclude processing.
  
  * CSS selector parser dropped remaining expression after a function
  with parameters.
  
  Other changes
  -------------
  
  * ``objectify.enableRecursiveStr()`` was removed, use
  ``objectify.enable_recursive_str()`` instead
  
  * Speed-up when running XSLTs on documents from other threads

2.1beta3 not secure

=====================
  
  Features added
  --------------
  
  * Major overhaul of ``tools/xpathgrep.py`` script.
  
  * Pickling ``ElementTree`` objects in lxml.objectify.
  
  * Support for parsing from file-like objects that return unicode
  strings.
  
  * New function ``etree.cleanup_namespaces(el)`` that removes unused
  namespace declarations from a (sub)tree (experimental).
  
  * XSLT results support the buffer protocol in Python 3.
  
  * Polymorphic functions in ``lxml.html`` that accept either a tree or
  a parsable string will return either a UTF-8 encoded byte string, a
  unicode string or a tree, based on the type of the input.
  Previously, the result was always a byte string or a tree.
  
  * Support for Python 2.6 and 3.0 beta.
  
  * File name handling now uses a heuristic to convert between byte
  strings (usually filenames) and unicode strings (usually URLs).
  
  * Parsing from a plain file object frees the GIL under Python 2.x.
  
  * Running ``iterparse()`` on a plain file (or filename) frees the GIL
  on reading under Python 2.x.
  
  * Conversion functions ``html_to_xhtml()`` and ``xhtml_to_html()`` in
  lxml.html (experimental).
  
  * Most features in lxml.html work for XHTML namespaced tag names
  (experimental).
  
  Bugs fixed
  ----------
  
  * ``ElementTree.parse()`` didn't handle target parser result.
  
  * Crash in Element class lookup classes when the __init__() method of
  the super class is not called from Python subclasses.
  
  * A number of problems related to unicode/byte string conversion of
  filenames and error messages were fixed.
  
  * Building on MacOS-X now passes the "flat_namespace" option to the C
  compiler, which reportedly prevents build quirks and crashes on this
  platform.
  
  * Windows build was broken.
  
  * Rare crash when serialising to a file object with certain encodings.
  
  Other changes
  -------------
  
  * Non-ASCII characters in attribute values are no longer escaped on
  serialisation.
  
  * Passing non-ASCII byte strings or invalid unicode strings as .tag,
  namespaces, etc. will result in a ValueError instead of an
  AssertionError (just like the tag well-formedness check).
  
  * Up to several times faster attribute access (i.e. tree traversal) in
  lxml.objectify.

2.1beta2 not secure

=====================
  
  Features added
  --------------
  
  * All parse functions in lxml.html take a ``parser`` keyword argument.
  
  * lxml.html has a new parser class ``XHTMLParser`` and a module
  attribute ``xhtml_parser`` that provide XML parsers that are
  pre-configured for the lxml.html package.
  
  Bugs fixed
  ----------
  
  * Moving a subtree from a document created in one thread into a
  document of another thread could crash when the rest of the source
  document is deleted while the subtree is still in use.
  
  * Passing an nsmap when creating an Element will no longer strip
  redundantly defined namespace URIs.  This prevented the definition
  of more than one prefix for a namespace on the same Element.
  
  Other changes
  -------------
  
  * If the default namespace is redundantly defined with a prefix on the
  same Element, the prefix will now be preferred for subelements and
  attributes.  This allows users to work around a problem in libxml2
  where attributes from the default namespace could serialise without
  a prefix even when they appear on an Element with a different
  namespace (i.e. they would end up in the wrong namespace).

2.1beta1 not secure

=====================
  
  Features added
  --------------
  
  * Error logging in Schematron (requires libxml2 2.6.32 or later).
  
  * Parser option ``strip_cdata`` for normalising or keeping CDATA
  sections.  Defaults to ``True`` as before, thus replacing CDATA
  sections by their text content.
  
  * ``CDATA()`` factory to wrap string content as CDATA section.
  
  Bugs fixed
  ----------
  
  * Resolving to a filename in custom resolvers didn't work.
  
  * lxml did not honour libxslt's second error state "STOPPED", which
  let some XSLT errors pass silently.
  
  * Memory leak in Schematron with libxml2 >= 2.6.31.
  
  * lxml.etree accepted non well-formed namespace prefix names.
  
  Other changes
  -------------
  
  * Major cleanup in internal ``moveNodeToDocument()`` function, which
  takes care of namespace cleanup when moving elements between
  different namespace contexts.
  
  * New Elements created through the ``makeelement()`` method of an HTML
  parser or through lxml.html now end up in a new HTML document
  (doctype HTML 4.01 Transitional) instead of a generic XML document.
  This mostly impacts the serialisation and the availability of a DTD
  context.

2.1alpha1 not secure

======================
  
  Features added
  --------------
  
  * New event types 'comment' and 'pi' in ``iterparse()``.
  
  * ``XSLTAccessControl`` instances have a property ``options`` that
  returns a dict of access configuration options.
  
  * Constant instances ``DENY_ALL`` and ``DENY_WRITE`` on
  ``XSLTAccessControl`` class.
  
  * Extension elements for XSLT (experimental!)
  
  * ``Element.base`` property returns the xml:base or HTML base URL of
  an Element.
  
  * ``docinfo.URL`` property is writable.
  
  Bugs fixed
  ----------
  
  * Default encoding for plain text serialisation was different from
  that of XML serialisation (UTF-8 instead of ASCII).
  
  Other changes
  -------------
  
  * Minor API speed-ups.
  
  * The benchmark suite now uses tail text in the trees, which makes the
  absolute numbers incomparable to previous results.
  
  * Generating the HTML documentation now requires Pygments_, which is
  used to enable syntax highlighting for the doctest examples.
  
  .. _Pygments: http://pygments.org/
  
  Most long-time deprecated functions and methods were removed:
  
  - ``etree.clearErrorLog()``, use ``etree.clear_error_log()``
  
  - ``etree.useGlobalPythonLog()``, use
  ``etree.use_global_python_log()``
  
  - ``etree.ElementClassLookup.setFallback()``, use
  ``etree.ElementClassLookup.set_fallback()``
  
  - ``etree.getDefaultParser()``, use ``etree.get_default_parser()``
  
  - ``etree.setDefaultParser()``, use ``etree.set_default_parser()``
  
  - ``etree.setElementClassLookup()``, use
  ``etree.set_element_class_lookup()``
  
  Note that ``parser.setElementClassLookup()`` has not been removed
  yet, although ``parser.set_element_class_lookup()`` should be used
  instead.
  
  - ``xpath_evaluator.registerNamespace()``, use
  ``xpath_evaluator.register_namespace()``
  
  - ``xpath_evaluator.registerNamespaces()``, use
  ``xpath_evaluator.register_namespaces()``
  
  - ``objectify.setPytypeAttributeTag``, use
  ``objectify.set_pytype_attribute_tag``
  
  - ``objectify.setDefaultParser()``, use
  ``objectify.set_default_parser()``

2.0.11 not secure

===================
  
  Bugs fixed
  ----------
  
  * Crash when using an XPath evaluator in multiple threads.

2.0.10 not secure

===================
  
  Bugs fixed
  ----------
  
  * Ref-count leaks when lxml enters a try-except statement while an
  outside exception lives in sys.exc_*(). This was due to a problem in
  Cython, not lxml itself.

2.0.9 not secure

==================
  
  Bugs fixed
  ----------
  
  * Memory problem when passing documents between threads.
  
  * Target parser did not honour the ``recover`` option and raised an
  exception instead of calling ``.close()`` on the target.

2.0.8 not secure

==================
  
  Features added
  --------------
  
  * ``lxml.html.rewrite_links()`` strips links to work around documents
  with whitespace in URL attributes.
  
  Bugs fixed
  ----------
  
  * Crash when parsing XSLT stylesheets in a thread and using them in
  another.
  
  * CSS selector parser dropped remaining expression after a function
  with parameters.
  
  Other changes
  -------------

2.0.7 not secure

==================
  
  Features added
  --------------
  
  * Pickling ``ElementTree`` objects in lxml.objectify.
  
  Bugs fixed
  ----------
  
  * Descending dot-separated classes in CSS selectors were not resolved
  correctly.
  
  * ``ElementTree.parse()`` didn't handle target parser result.
  
  * Potential threading problem in XInclude.
  
  * Crash in Element class lookup classes when the __init__() method of
  the super class is not called from Python subclasses.
  
  Other changes
  -------------
  
  * Non-ASCII characters in attribute values are no longer escaped on
  serialisation.

2.0.6 not secure

==================
  
  Features added
  --------------
  
  Bugs fixed
  ----------
  
  * Incorrect evaluation of ``el.find("tag[child]")``.
  
  * Windows build was broken.
  
  * Moving a subtree from a document created in one thread into a
  document of another thread could crash when the rest of the source
  document is deleted while the subtree is still in use.
  
  * Rare crash when serialising to a file object with certain encodings.
  
  Other changes
  -------------
  
  * lxml should now build without problems on MacOS-X.

2.0.5 not secure

==================
  
  Features added
  --------------
  
  Bugs fixed
  ----------
  
  * Resolving to a filename in custom resolvers didn't work.
  
  * lxml did not honour libxslt's second error state "STOPPED", which
  let some XSLT errors pass silently.
  
  * Memory leak in Schematron with libxml2 >= 2.6.31.
  
  Other changes
  -------------

2.0.4 not secure

==================
  
  Features added
  --------------
  
  Bugs fixed
  ----------
  
  * Hanging thread in conjunction with GTK threading.
  
  * Crash bug in iterparse when moving elements into other documents.
  
  * HTML elements' ``.cssselect()`` method was broken.
  
  * ``ElementTree.find*()`` didn't accept QName objects.
  
  Other changes
  -------------

2.0.3 not secure

==================
  
  Features added
  --------------
  
  * soupparser.parse() allows passing keyword arguments on to
  BeautifulSoup.
  
  * ``fromstring()`` method in ``lxml.html.soupparser``.
  
  Bugs fixed
  ----------
  
  * ``lxml.html.diff`` didn't treat empty tags properly (e.g.,
  ``<br>``).
  
  * Handle entity replacements correctly in target parser.
  
  * Crash when using ``iterparse()`` with XML Schema validation.
  
  * The BeautifulSoup parser (soupparser.py) did not replace entities,
  which made them turn up in text content.
  
  * Attribute assignment of custom PyTypes in objectify could fail to
  correctly serialise the value to a string.
  
  Other changes
  -------------
  
  * ``lxml.html.ElementSoup`` was replaced by a new module
  ``lxml.html.soupparser`` with a more consistent API.  The old module
  remains for compatibility with ElementTree's own ElementSoup module.
  
  * Setting the XSLT_CONFIG and XML2_CONFIG environment variables at
  build time will let setup.py pick up the ``xml2-config`` and
  ``xslt-config`` scripts from the supplied path name.
  
  * Passing ``--with-xml2-config=/path/to/xml2-config`` to setup.py will
  override the ``xml2-config`` script that is used to determine the C
  compiler options.  The same applies for the ``--with-xslt-config``
  option.

2.0.2 not secure

==================
  
  Features added
  --------------
  
  * Support passing ``base_url`` to file parser functions to override
  the filename of the file(-like) object.
  
  Bugs fixed
  ----------
  
  * The prefix for objectify's pytype namespace was missing from the set
  of default prefixes.
  
  * Memory leak in Schematron (fixed only for libxml2 2.6.31+).
  
  * Error type names in RelaxNG were reported incorrectly.
  
  * Slice deletion bug fixed in objectify.
  
  Other changes
  -------------
  
  * Enabled doctests for some Python modules (especially ``lxml.html``).
  
  * Add a ``method`` argument to ``lxml.html.tostring()``
  (``method="xml"`` for XHTML output).
  
  * Make it clearer that methods like ``lxml.html.fromstring()`` take a
  ``base_url`` argument.

2.0.1 not secure

==================
  
  Features added
  --------------
  
  * Child iteration in ``lxml.pyclasslookup``.
  
  * Loads of new docstrings reflect the signature of functions and
  methods to make them visible in API docs and ``help()``
  
  Bugs fixed
  ----------
  
  * The module ``lxml.html.builder`` was duplicated as
  ``lxml.htmlbuilder``
  
  * Form elements would return None for ``form.fields.keys()`` if there
  was an unnamed input field.  Now unnamed input fields are completely
  ignored.
  
  * Setting an element slice in objectify could insert slice-overlapping
  elements at the wrong position.
  
  Other changes
  -------------
  
  * The generated API documentation was cleaned up and disburdened from
  non-public classes etc.
  
  * The previously public module ``lxml.html.setmixin`` was renamed to
  ``lxml.html._setmixin`` as it is not an official part of lxml.  If
  you want to use it, feel free to copy it over to your own source
  base.
  
  * Passing ``--with-xslt-config=/path/to/xslt-config`` to setup.py will
  override the ``xslt-config`` script that is used to determine the C
  compiler options.

2.0 not secure

================
  
  Features added
  --------------
  
  * Passing the ``unicode`` type as ``encoding`` to ``tostring()`` will
  serialise to unicode.  The ``tounicode()`` function is now
  deprecated.
  
  * ``XMLSchema()`` and ``RelaxNG()`` can parse from StringIO.
  
  * ``makeparser()`` function in ``lxml.objectify`` to create a new
  parser with the usual objectify setup.
  
  * Plain ASCII XPath string results are no longer forced into unicode
  objects as in 2.0beta1, but are returned as plain strings as before.
  
  * All XPath string results are 'smart' objects that have a
  ``getparent()`` method to retrieve their parent Element.
  
  * ``with_tail`` option in serialiser functions.
  
  * More accurate exception messages in validator creation.
  
  * Parse-time XML schema validation (``schema`` parser keyword).
  
  * XPath string results of the ``text()`` function and attribute
  selection make their Element container accessible through a
  ``getparent()`` method.  As a side-effect, they are now always
  unicode objects (even ASCII strings).
  
  * ``XSLT`` objects are usable in any thread - at the cost of a deep
  copy if they were not created in that thread.
  
  * Invalid entity names and character references will be rejected by
  the ``Entity()`` factory.
  
  * ``entity.text`` returns the textual representation of the entity,
  e.g. ``&amp;``.
  
  * New properties ``position`` and ``code`` on ParseError exception (as
  in ET 1.3)
  
  * Rich comparison of ``element.attrib`` proxies.
  
  * ElementTree compatible TreeBuilder class.
  
  * Use default prefixes for some common XML namespaces.
  
  * ``lxml.html.clean.Cleaner`` now allows for a ``host_whitelist``, and
  two overridable methods: ``allow_embedded_url(el, url)`` and the
  more general ``allow_element(el)``.
  
  * Extended slicing of Elements as in ``element[1:-1:2]``, both in
  etree and in objectify
  
  * Resolvers can now provide a ``base_url`` keyword argument when
  resolving a document as string data.
  
  * When using ``lxml.doctestcompare`` you can give the doctest option
  ``NOPARSE_MARKUP`` (like `` doctest: +NOPARSE_MARKUP``) to suppress
  the special checking for one test.
  
  * Separate ``feed_error_log`` property for the feed parser interface.
  The normal parser interface and ``iterparse`` continue to use
  ``error_log``.
  
  * The normal parsers and the feed parser interface are now separated
  and can be used concurrently on the same parser instance.
  
  * ``fromstringlist()`` and ``tostringlist()`` functions as in
  ElementTree 1.3
  
  * ``iterparse()`` accepts an ``html`` boolean keyword argument for
  parsing with the HTML parser (note that this interface may be
  subject to change)
  
  * Parsers accept an ``encoding`` keyword argument that overrides the encoding
  of the parsed documents.
  
  * New C-API function ``hasChild()`` to test for children
  
  * ``annotate()`` function in objectify can annotate with Python types and XSI
  types in one step.  Accompanied by ``xsiannotate()`` and ``pyannotate()``.
  
  * ``ET.write()``, ``tostring()`` and ``tounicode()`` now accept a keyword
  argument ``method`` that can be one of 'xml' (or None), 'html' or 'text' to
  serialise as XML, HTML or plain text content.
  
  * ``iterfind()`` method on Elements returns an iterator equivalent to
  ``findall()``
  
  * ``itertext()`` method on Elements
  
  * Setting a QName object as value of the .text property or as an attribute
  will resolve its prefix in the respective context
  
  * ElementTree-like parser target interface as described in
  http://effbot.org/elementtree/elementtree-xmlparser.htm
  
  * ElementTree-like feed parser interface on XMLParser and HTMLParser
  (``feed()`` and ``close()`` methods)
  
  * Reimplemented ``objectify.E`` for better performance and improved
  integration with objectify.  Provides extended type support based on
  registered PyTypes.
  
  * XSLT objects now support deep copying
  
  * New ``makeSubElement()`` C-API function that allows creating a new
  subelement straight with text, tail and attributes.
  
  * XPath extension functions can now access the current context node
  (``context.context_node``) and use a context dictionary
  (``context.eval_context``) from the context provided in their first
  parameter
  
  * HTML tag soup parser based on BeautifulSoup in ``lxml.html.ElementSoup``
  
  * New module ``lxml.doctestcompare`` by Ian Bicking for writing simplified
  doctests based on XML/HTML output.  Use by importing ``lxml.usedoctest`` or
  ``lxml.html.usedoctest`` from within a doctest.
  
  * New module ``lxml.cssselect`` by Ian Bicking for selecting Elements with CSS
  selectors.
  
  * New package ``lxml.html`` written by Ian Bicking for advanced HTML
  treatment.
  
  * Namespace class setup is now local to the ``ElementNamespaceClassLookup``
  instance and no longer global.
  
  * Schematron validation (incomplete in libxml2)
  
  * Additional ``stringify`` argument to ``objectify.PyType()`` takes a
  conversion function to strings to support setting text values from arbitrary
  types.
  
  * Entity support through an ``Entity`` factory and element classes.  XML
  parsers now have a ``resolve_entities`` keyword argument that can be set to
  False to keep entities in the document.
  
  * ``column`` field on error log entries to accompany the ``line`` field
  
  * Error specific messages in XPath parsing and evaluation
  NOTE: for evaluation errors, you will now get an XPathEvalError instead of
  an XPathSyntaxError.  To catch both, you can except on ``XPathError``
  
  * The regular expression functions in XPath now support passing a node-set
  instead of a string
  
  * Extended type annotation in objectify: new ``xsiannotate()`` function
  
  * EXSLT RegExp support in standard XPath (not only XSLT)
  
  Bugs fixed
  ----------
  
  * Missing import in ``lxml.html.clean``.
  
  * Some Python 2.4-isms prevented lxml from building/running under
  Python 2.3.
  
  * XPath on ElementTrees could crash when selecting the virtual root
  node of the ElementTree.
  
  * Compilation ``--without-threading`` was buggy in alpha5/6.
  
  * Memory leak in the ``parse()`` function.
  
  * Minor bugs in XSLT error message formatting.
  
  * Result document memory leak in target parser.
  
  * Target parser failed to report comments.
  
  * In the ``lxml.html`` ``iter_links`` method, links in ``<object>``
  tags weren't recognized.  (Note: plugin-specific link parameters
  still aren't recognized.)  Also, the ``<embed>`` tag, though not
  standard, is now included in ``lxml.html.defs.special_inline_tags``.
  
  * Using custom resolvers on XSLT stylesheets parsed from a string
  could request ill-formed URLs.
  
  * With ``lxml.doctestcompare`` if you do ``<tag xmlns="...">`` in your
  output, it will then be namespace-neutral (before the ellipsis was
  treated as a real namespace).
  
  * AttributeError in feed parser on parse errors
  
  * XML feed parser setup problem
  
  * Type annotation for unicode strings in ``DataElement()``
  
  * lxml failed to serialise namespace declarations of elements other than the
  root node of a tree
  
  * Race condition in XSLT where the resolver context leaked between concurrent
  XSLT calls
  
  * lxml.etree did not check tag/attribute names
  
  * The XML parser did not report undefined entities as error
  
  * The text in exceptions raised by XML parsers, validators and XPath
  evaluators now reports the first error that occurred instead of the last
  
  * Passing '' as XPath namespace prefix did not raise an error
  
  * Thread safety in XPath evaluators
  
  Other changes
  -------------
  
  * Exceptions carry only the part of the error log that is related to
  the operation that caused the error.
  
  * ``XMLSchema()`` and ``RelaxNG()`` now enforce passing the source
  file/filename through the ``file`` keyword argument.
  
  * The test suite now skips most doctests under Python 2.3.
  
  * ``make clean`` no longer removes the .c files (use ``make
  realclean`` instead)
  
  * Minor performance tweaks for Element instantiation and subelement
  creation
  
  * Various places in the XPath, XSLT and iteration APIs now require
  keyword-only arguments.
  
  * The argument order in ``element.itersiblings()`` was changed to
  match the order used in all other iteration methods.  The second
  argument ('preceding') is now a keyword-only argument.
  
  * The ``getiterator()`` method on Elements and ElementTrees was
  reverted to return an iterator as it did in lxml 1.x.  The ET API
  specification allows it to return either a sequence or an iterator,
  and it traditionally returned a sequence in ET and an iterator in
  lxml.  However, it is now deprecated in favour of the ``iter()``
  method, which should be used in new code wherever possible.
  
  * The 'pretty printed' serialisation of ElementTree objects now
  inserts newlines at the root level between processing instructions,
  comments and the root tag.
  
  * A 'pretty printed' serialisation is now terminated with a newline.
  
  * Second argument to ``lxml.etree.Extension()`` helper is no longer
  required, third argument is now a keyword-only argument ``ns``.
  
  * ``lxml.html.tostring`` takes an ``encoding`` argument.
  
  * The module source files were renamed to "lxml.*.pyx", such as
  "lxml.etree.pyx".  This was changed for consistency with the way
  Pyrex commonly handles package imports.  The main effect is that
  classes now know about their fully qualified class name, including
  the package name of their module.
  
  * Keyword-only arguments in some API functions, especially in the
  parsers and serialisers.
  
  * Tag name validation in lxml.etree (and lxml.html) now distinguishes
  between HTML tags and XML tags based on the parser that was used to
  parse or create them.  HTML tags no longer reject any non-ASCII
  characters in tag names but only spaces and the special characters
  ``<>&/"'``.
  
  * lxml.etree now emits a warning if you use XPath with libxml2 2.6.27
  (which can crash on certain XPath errors)
  
  * Type annotation in objectify now preserves the already annotated type by
  default to prevent losing type information that is already there.
  
  * ``element.getiterator()`` returns a list, use ``element.iter()`` to retrieve
  an iterator (ElementTree 1.3 compatible behaviour)
  
  * objectify.PyType for None is now called "NoneType"
  
  * ``el.getiterator()`` renamed to ``el.iter()``, following ElementTree 1.3 -
  original name is still available as alias
  
  * In the public C-API, ``findOrBuildNodeNs()`` was replaced by the more
  generic ``findOrBuildNodeNsPrefix``
  
  * Major refactoring in XPath/XSLT extension function code
  
  * Network access in parsers disabled by default

1.3.6 not secure

==================
  
  Bugs fixed
  ----------
  
  * Backported decref crash fix from 2.0
  
  * Well hidden free-while-in-use crash bug in ObjectPath
  
  Other changes
  -------------
  
  * The test suites now run ``gc.collect()`` in the ``tearDown()``
  methods.  While this makes them take a lot longer to run, it also
  makes it easier to link a specific test to garbage collection
  problems that would otherwise appear in later tests.

1.3.5 not secure

==================
  
  Features added
  --------------
  
  Bugs fixed
  ----------
  
  * lxml.etree could crash when adding more than 10000 namespaces to a
  document
  
  * lxml failed to serialise namespace declarations of elements other
  than the root node of a tree

1.3.4 not secure

==================
  
  Features added
  --------------
  
  * The ``ElementMaker`` in ``lxml.builder`` now accepts the keyword arguments
  ``namespace`` and ``nsmap`` to set a namespace and nsmap for the Elements it
  creates.
  
  * The ``docinfo`` on ElementTree objects has new properties ``internalDTD``
  and ``externalDTD`` that return a DTD object for the internal or external
  subset of the document respectively.
  
  * Serialising an ElementTree now includes any internal DTD subsets that are
  part of the document, as well as comments and PIs that are siblings of the
  root node.
  
  Bugs fixed
  ----------
  
  * Parsing with the ``no_network`` option could fail
  
  Other changes
  -------------
  
  * lxml now raises a TagNameWarning about tag names containing ':' instead of
  an Error as 1.3.3 did.  The reason is that a number of projects currently
  misuse the previous lack of tag name validation to generate namespace
  prefixes without declaring namespaces.  Apart from the danger of generating
  broken XML this way, it also breaks most of the namespace-aware tools in
  XML, including XPath, XSLT and validation.  lxml 1.3.x will continue to
  support this bug with a Warning, while lxml 2.0 will be strict about
  well-formed tag names (not only regarding ':').
  
  * Serialising an Element no longer includes its comment and PI siblings (only
  ElementTree serialisation includes them).

1.3.3 not secure

==================
  
  Features added
  --------------
  
  * ElementTree compatible parser ``ETCompatXMLParser`` strips processing
  instructions and comments while parsing XML
  
  * Parsers now support stripping PIs (keyword argument 'remove_pis')
  
  * ``etree.fromstring()`` now supports parsing both HTML and XML, depending on
  the parser you pass.
  
  * Support ``base_url`` keyword argument in ``HTML()`` and ``XML()``
  
  Bugs fixed
  ----------
  
  * Parsing from Python Unicode strings failed on some platforms
  
  * ``Element()`` did not raise an exception on tag names containing ':'
  
  * ``Element.getiterator(tag)`` did not accept ``Comment`` and
  ``ProcessingInstruction`` as tags. It also accepts ``Element`` now.

1.3.2 not secure

==================
  
  Features added
  --------------
  
  Bugs fixed
  ----------
  
  * "deallocating None" crash bug

1.3.1 not secure

==================
  
  Features added
  --------------
  
  * objectify.DataElement now supports setting values from existing data
  elements (not just plain Python types) and reuses defined namespaces etc.
  
  * E-factory support for lxml.objectify (``objectify.E``)
  
  Bugs fixed
  ----------
  
  * Better way to prevent crashes in Element proxy cleanup code
  
  * objectify.DataElement didn't set up None value correctly
  
  * objectify.DataElement didn't check the value against the provided type hints
  
  * Reference-counting bug in ``Element.attrib.pop()``

1.3 not secure

================
  
  Features added
  --------------
  
  * Module ``lxml.pyclasslookup`` module implements an Element class lookup
  scheme that can access the entire tree in read-only mode to help determining
  a suitable Element class
  
  * Parsers take a ``remove_comments`` keyword argument that skips over comments
  
  * ``parse()`` function in ``objectify``, corresponding to ``XML()`` etc.
  
  * ``Element.addnext(el)`` and ``Element.addprevious(el)`` methods to support
  adding processing instructions and comments around the root node
  
  * ``Element.attrib`` was missing ``clear()`` and ``pop()`` methods
  
  * Extended type annotation in objectify: cleaner annotation namespace setup
  plus new ``deannotate()`` function
  
  * Support for custom Element class instantiation in lxml.sax: passing a
  ``makeelement`` function to the ElementTreeContentHandler will reuse the
  lookup context of that function
  
  * '.' represents empty ObjectPath (identity)
  
  * ``Element.values()`` to accompany the existing ``.keys()`` and ``.items()``
  
  * ``collectAttributes()`` C-function to build a list of attribute
  keys/values/items for a libxml2 node
  
  * ``DTD`` validator class (like ``RelaxNG`` and ``XMLSchema``)
  
  * HTML generator helpers by Fredrik Lundh in ``lxml.htmlbuilder``
  
  * ``ElementMaker`` XML generator by Fredrik Lundh in ``lxml.builder.E``
  
  * Support for pickling ``objectify.ObjectifiedElement`` objects to XML
  
  * ``update()`` method on Element.attrib
  
  * Optimised replacement for libxml2's _xmlReconsiliateNs(). This allows lxml
  a better handling of namespaces when moving elements between documents.
  
  Bugs fixed
  ----------
  
  * Removing Elements from a tree could make them lose their namespace
  declarations
  
  * ``ElementInclude`` didn't honour base URL of original document
  
  * Replacing the children slice of an Element would cut off the tails of the
  original children
  
  * ``Element.getiterator(tag)`` did not accept ``Comment`` and
  ``ProcessingInstruction`` as tags
  
  * API functions now check incoming strings for XML conformity.  Zero bytes or
  low ASCII characters are no longer accepted (AssertionError).
  
  * XSLT parsing failed to pass resolver context on to imported documents
  
  * passing '' as namespace prefix in nsmap could be passed through to libxml2
  
  * Objectify couldn't handle prefixed XSD type names in ``xsi:type``
  
  * More ET compatible behaviour when writing out XML declarations or not
  
  * More robust error handling in ``iterparse()``
  
  * Documents lost their top-level PIs and comments on serialisation
  
  * lxml.sax failed on comments and PIs. Comments are now properly ignored and
  PIs are copied.
  
  * Possible memory leaks in namespace handling when moving elements between
  documents
  
  Other changes
  -------------
  
  * major restructuring in the documentation

1.2.1 not secure

==================
  
  Bugs fixed
  ----------
  
  * Build fixes for MS compiler
  
  * Item assignments to special names like ``element["text"]`` failed
  
  * Renamed ObjectifiedDataElement.__setText() to _setText() to make it easier
  to access
  
  * The pattern for attribute names in ObjectPath was too restrictive

1.2 not secure

================
  
  Features added
  --------------
  
  * Rich comparison of QName objects
  
  * Support for regular expressions in benchmark selection
  
  * get/set emulation (not .attrib!) for attributes on processing instructions
  
  * ElementInclude Python module for ElementTree compatible XInclude processing
  that honours custom resolvers registered with the source document
  
  * ElementTree.parser property holds the parser used to parse the document
  
  * setup.py has been refactored for greater readability and flexibility
  
  * --rpath flag to setup.py to induce automatic linking-in of dynamic library
  runtime search paths has been renamed to --auto-rpath. This makes it
  possible to pass an --rpath directly to distutils; previously this was being
  shadowed.
  
  Bugs fixed
  ----------
  
  * Element instantiation now uses locks to prevent race conditions with threads
  
  * ElementTree.write() did not raise an exception when the file was not writable
  
  * Error handling could crash under Python <= 2.4.1 - fixed by disabling thread
  support in these environments
  
  * Element.find*() did not accept QName objects as path
  
  Other changes
  -------------
  
  * code cleanup: redundant _NodeBase super class merged into _Element class
  Note: although the impact should be zero in most cases, this change breaks
  the compatibility of the public C-API

1.1.2 not secure

==================
  
  Features added
  --------------
  
  * Data elements in objectify support repr(), which is now used by dump()
  
  * Source distribution now ships with a patched Pyrex
  
  * New C-API function makeElement() to create new elements with text,
  tail, attributes and namespaces
  
  * Reuse original parser flags for XInclude
  
  * Simplified support for handling XSLT processing instructions
  
  Bugs fixed
  ----------
  
  * Parser resources were not freed before the next parser run
  
  * Open files and XML strings returned by Python resolvers were not
  closed/freed
  
  * Crash in the IDDict returned by XMLDTDID
  
  * Copying Comments and ProcessingInstructions failed
  
  * Memory leak for external URLs in _XSLTProcessingInstruction.parseXSL()
  
  * Memory leak when garbage collecting tailed root elements
  
  * HTML script/style content was not propagated to .text
  
  * Show text xincluded between text nodes correctly in .text and .tail
  
  * 'integer * objectify.StringElement' operation was not supported

1.1.1 not secure

==================
  
  Features added
  --------------
  
  * XSLT profiling support (``profile_run`` keyword)
  
  * countchildren() method on objectify.ObjectifiedElement
  
  * Support custom elements for tree nodes in lxml.objectify
  
  Bugs fixed
  ----------
  
  * lxml.objectify failed to support long data values (e.g., "123L")
  
  * Error messages from XSLT did not reach ``XSLT.error_log``
  
  * Factories objectify.Element() and objectify.DataElement() were missing
  ``attrib`` and ``nsmap`` keyword arguments
  
  * Changing the default parser in lxml.objectify did not update the factories
  Element() and DataElement()
  
  * Let lxml.objectify.Element() always generate tree elements (not data
  elements)
  
  * Build under Windows failed ('\0' bug in patched Pyrex version)

1.1 not secure

================
  
  Features added
  --------------
  
  * Comments and processing instructions return '<!-- comment -->' and
  '<?pi-target content?>' for repr()
  
  * Parsers are now the preferred (and default) place where element class lookup
  schemes should be registered.  Namespace lookup is no longer supported by
  default.
  
  * Support for Python 2.5 beta
  
  * Unlock the GIL for deep copying documents and for XPath()
  
  * New ``compact`` keyword argument for parsing read-only documents
  
  * Support for parser options in iterparse()
  
  * The ``namespace`` axis is supported in XPath and returns (prefix, URI)
  tuples
  
  * The XPath expression "/" now returns an empty list instead of raising an
  exception
  
  * XML-Object API on top of lxml (lxml.objectify)
  
  * Customizable Element class lookup:
  
  * different pre-implemented lookup mechanisms
  
  * support for externally provided lookup functions
  
  * Support for processing instructions (ET-like, not compatible)
  
  * Public C-level API for independent extension modules
  
  * Module level ``iterwalk()`` function as 'iterparse' for trees
  
  * Module level ``iterparse()`` function similar to ElementTree (see
  documentation for differences)
  
  * Element.nsmap property returns a mapping of all namespace prefixes known at
  the Element to their namespace URI
  
  * Reentrant threading support in RelaxNG, XMLSchema and XSLT
  
  * Threading support in parsers and serializers:
  
  * All in-memory operations (tostring, parse(StringIO), etc.) free the GIL
  
  * File operations (on file names) free the GIL
  
  * Reading from file-like objects frees the GIL and reacquires it for reading
  
  * Serialisation to file-like objects is single-threaded (high lock overhead)
  
  * Element iteration over XPath axes:
  
  * Element.iterdescendants() iterates over the descendants of an element
  
  * Element.iterancestors() iterates over the ancestors of an element (from
  parent to parent)
  
  * Element.itersiblings() iterates over either the following or preceding
  siblings of an element
  
  * Element.iterchildren() iterates over the children of an element in either
  direction
  
  * All iterators support the ``tag`` keyword argument to restrict the
  generated elements
  
  * Element.getnext() and Element.getprevious() return the direct siblings of an
  element
  
  Bugs fixed
  ----------
  
  * filenames with local 8-bit encoding were not supported
  
  * 1.1beta did not compile under Python 2.3
  
  * ignore unknown 'pyval' attribute values in objectify
  
  * objectify.ObjectifiedElement.addattr() failed to accept Elements and Lists
  
  * objectify.ObjectPath.setattr() failed to accept Elements and Lists
  
  * XPathSyntaxError now inherits from XPathError
  
  * Threading race conditions in RelaxNG and XMLSchema
  
  * Crash when mixing elements from XSLT results into other trees, concurrent
  XSLT is only allowed when the stylesheet was parsed in the main thread
  
  * The EXSLT ``regexp:match`` function now works as defined (except for some
  differences in the regular expression syntax)
  
  * Setting element.text to '' returned None on request, not the empty string
  
  * ``iterparse()`` could crash on long XML files
  
  * Creating documents no longer copies the parser for later URL resolving.  For
  performance reasons, only a reference is kept.  Resolver updates on the
  parser will now be reflected by documents that were parsed before the
  change.  Although this should rarely become visible, it is a behavioral
  change from 1.0.

1.0.4 not secure

==================
  
  Features added
  --------------
  
  * List-like ``Element.extend()`` method
  
  Bugs fixed
  ----------
  
  * Crash in tail handling in ``Element.replace()``

1.0.3 not secure

==================
  
  Features added
  --------------
  
  * Element.replace(old, new) method to replace a subelement by another one
  
  Bugs fixed
  ----------
  
  * Crash when mixing elements from XSLT results into other trees
  
  * Copying/deepcopying did not work for ElementTree objects
  
  * Setting an attribute to a non-string value did not raise an exception
  
  * Element.remove() deleted the tail text from the removed Element

1.0.2 not secure

==================
  
  Features added
  --------------
  
  * Support for setting a custom default Element class as opposed to namespace
  specific classes (which still override the default class)
  
  Bugs fixed
  ----------
  
  * Rare exceptions in Python list functions were not handled
  
  * Parsing accepted unicode strings with XML encoding declaration in certain
  cases
  
  * Parsing 8-bit encoded strings from StringIO objects raised an exception
  
  * Module function ``initThread()`` was removed - useless (and never worked)
  
  * XSLT and parser exception messages include the error line number

1.0.1 not secure

==================
  
  Features added
  --------------
  
  * Repeated calls to Element.attrib now efficiently return the same instance
  
  Bugs fixed
  ----------
  
  * Document deallocation could crash in certain garbage collection scenarios
  
  * Extension function calls in XSLT variable declarations could break the
  stylesheet and crash on repeated calls
  
  * Deep copying Elements could lose namespaces declared in parents
  
  * Deep copying Elements did not copy tail
  
  * Parsing file(-like) objects failed to load external entities
  
  * Parsing 8-bit strings from file(-like) objects raised an exception
  
  * xsl:include failed when the stylesheet was parsed from a file-like object
  
  * lxml.sax.ElementTreeProducer did not call startDocument() / endDocument()
  
  * MSVC compiler complained about long strings (supports only 2048 bytes)

1.0 not secure

================
  
  Features added
  --------------
  
  * Element.getiterator() and the findall() methods support finding arbitrary
  elements from a namespace (pattern ``{namespace}*``)
  
  * Another speedup in tree iteration code
  
  * General speedup of Python Element object creation and deallocation
  
  * Writing C14N no longer serializes in memory (reduced memory footprint)
  
  * PyErrorLog for error logging through the Python ``logging`` module
  
  * ``Element.getroottree()`` returns an ElementTree for the root node of the
  document that contains the element.
  
  * ElementTree.getpath(element) returns a simple, absolute XPath expression to
  find the element in the tree structure
  
  * Error logs have a ``last_error`` attribute for convenience
  
  * Comment texts can be changed through the API
  
  * Formatted output via ``pretty_print`` keyword in serialization functions
  
  * XSLT can block access to file system and network via ``XSLTAccessControl``
  
  * ElementTree.write() no longer serializes in memory (reduced memory
  footprint)
  
  * Speedup of Element.findall(tag) and Element.getiterator(tag)
  
  * Support for writing the XML representation of Elements and ElementTrees to
  Python unicode strings via ``etree.tounicode()``
  
  * Support for writing XSLT results to Python unicode strings via ``unicode()``
  
  * Parsing a unicode string no longer copies the string (reduced memory
  footprint)
  
  * Parsing file-like objects reads chunks rather than the whole file (reduced
  memory footprint)
  
  * Parsing StringIO objects from the start avoids copying the string (reduced
  memory footprint)
  
  * Read-only 'docinfo' attribute in ElementTree class holds DOCTYPE
  information, original encoding and XML version as seen by the parser
  
  * etree module can be compiled without libxslt by commenting out the line
  ``include "xslt.pxi"`` near the end of the etree.pyx source file
  
  * Better error messages in parser exceptions
  
  * Error reporting also works in XSLT
  
  * Support for custom document loaders (URI resolvers) in parsers and XSLT,
  resolvers are registered at parser level
  
  * Implementation of exslt:regexp for XSLT based on the Python 're' module,
  enabled by default, can be switched off with 'regexp=False' keyword argument
  
  * Support for exslt extensions (libexslt) and libxslt extra functions
  (node-set, document, write, output)
  
  * Substantial speedup in XPath.evaluate()
  
  * HTMLParser for parsing (broken) HTML
  
  * XMLDTDID function parses XML into tuple (root node, ID dict) based on xml:id
  implementation of libxml2 (as opposed to ET compatible XMLID)
  
  Bugs fixed
  ----------
  
  * Memory leak in Element.__setitem__
  
  * Memory leak in Element.attrib.items() and Element.attrib.values()
  
  * Memory leak in XPath extension functions
  
  * Memory leak in unicode related setup code
  
  * Element now raises ValueError on empty tag names
  
  * Namespace fixing after moving elements between documents could fail if the
  source document was freed too early
  
  * Setting namespace-less tag names on namespaced elements ('{ns}t' -> 't')
  didn't reset the namespace
  
  * Unknown constants from newer libxml2 versions could raise exceptions in the
  error handlers
  
  * lxml.etree compiles much faster
  
  * On libxml2 <= 2.6.22, parsing strings with encoding declaration could fail
  in certain cases
  
  * Document reference in ElementTree objects was not updated when the root
  element was moved to a different document
  
  * Running absolute XPath expressions on an Element now evaluates against the
  root tree
  
  * Evaluating absolute XPath expressions (``/*``) on an ElementTree could fail
  
  * Crashes when calling XSLT, RelaxNG, etc. with uninitialized ElementTree
  objects
  
  * Removed public function ``initThreadLogging()``, replaced by more general
  ``initThread()`` which fixes a number of setup problems in threads
  
  * Memory leak when using iconv encoders in tostring/write
  
  * Deep copying Elements and ElementTrees maintains the document information
  
  * Serialization functions raise LookupError for unknown encodings
  
  * Memory deallocation crash resulting from deep copying elements
  
  * Some ElementTree methods could crash if the root node was not initialized
  (neither file nor element passed to the constructor)
  
  * Element/SubElement failed to set attribute namespaces from passed ``attrib``
  dictionary
  
  * ``tostring()`` adds an XML declaration for non-ASCII encodings
  
  * ``tostring()`` failed to serialize encodings that contain 0-bytes
  
  * ElementTree.xpath() and XPathDocumentEvaluator were not using the
  ElementTree root node as reference point
  
  * Calling ``document('')`` in XSLT failed to return the stylesheet

0.9.2 not secure

==================
  
  Features added
  --------------
  
  * Speedup for Element.makeelement(): the new element reuses the original
  libxml2 document instead of creating a new empty one
  
  * Speedup for reversed() iteration over element children (Py2.4+ only)
  
  * ElementTree compatible QName class
  
  * RelaxNG and XMLSchema accept any Element, not only ElementTrees
  
  Bugs fixed
  ----------
  
  * str(xslt_result) was broken for XSLT output other than UTF-8
  
  * Memory leak if write_c14n fails to write the file after conversion
  
  * Crash in XMLSchema and RelaxNG when passing non-schema documents
  
  * Memory leak in RelaxNG() when RelaxNGParseError is raised

0.9.1 not secure

==================
  
  Features added
  --------------
  
  * lxml.sax.ElementTreeContentHandler checks closing elements and raises
  SaxError on mismatch
  
  * lxml.sax.ElementTreeContentHandler supports namespace-less SAX events
  (startElement, endElement) and defaults to empty attributes (keyword
  argument)
  
  * Speedup for repeatedly accessing element tag names
  
  * Minor API performance improvements
  
  Bugs fixed
  ----------
  
  * Memory deallocation bug when using XSLT output method "html"
  
  * sax.py was handling UTF-8 encoded tag names where it shouldn't
  
  * lxml.tests package will no longer be installed (is still in source tar)

0.9 not secure

================
  
  Features added
  --------------
  
  * Error logging API for libxml2 error messages
  
  * Various performance improvements
  
  * Benchmark script for lxml, ElementTree and cElementTree
  
  * Support for registering extension functions through new FunctionNamespace
  class (see doc/extensions.txt)
  
  * ETXPath class for XPath expressions in ElementTree notation ('//{ns}tag')
  
  * Support for variables in XPath expressions (also in XPath class)
  
  * XPath class for compiled XPath expressions
  
  * XMLID module level function (ElementTree compatible)
  
  * XMLParser API for customized libxml2 parser configuration
  
  * Support for custom Element classes through new Namespace API (see
  doc/namespace_extensions.txt)
  
  * Common exception base class LxmlError for module exceptions
  
  * real iterator support in iter(Element), Element.getiterator()
  
  * XSLT objects are callable, result trees support str()
  
  * Added MANIFEST.in for easier creation of RPM files.
  
  * 'getparent' method on elements allows navigation to an element's
  parent element.
  
  * Python core compatible SAX tree builder and SAX event generator. See
  doc/sax.txt for more information.
  
  Bugs fixed
  ----------
  
  * Segfaults and memory leaks in various API functions of Element
  
  * Segfault in XSLT.tostring()
  
  * ElementTree objects no longer interfere, Elements can be root of different
  ElementTrees at the same time
  
  * document('') works in XSLT documents read from files (in-memory documents
  cannot support this due to libxslt deficiencies)

0.8

================
  
  Features added
  --------------
  
  * Support for copy.deepcopy() on elements. copy.copy() works also, but
  does the same thing, and does *not* create a shallow copy, as that
  makes no sense in the context of libxml2 trees. This means a
  potential incompatibility with ElementTree, but there's more chance
  that it works than if copy.copy() isn't supported at all.
  
  * Increased compatibility with (c)ElementTree; .parse() on ElementTree is
  supported and parsing of gzipped XML files works.
  
  * implemented index() on elements, allowing one to find the index of a
  SubElement.
  
  Bugs fixed
  ----------
  
  * Use xslt-config instead of xml2-config to find out libxml2
  directories to take into account a case where libxslt is installed
  in a different directory than libxslt.
  
  * Eliminate crash condition in iteration when text nodes are changed.
  
  * Passing 'None' to tostring() does not result in a segfault anymore,
  but an AssertionError.
  
  * Some test fixes for Windows.
  
  * Raise XMLSyntaxError and XPathSyntaxError instead of plain python
  syntax errors. This should be less confusing.
  
  * Fixed error with uncaught exception in Pyrex code.
  
  * Calling lxml.etree.fromstring('') throws XMLSyntaxError instead of a
  segfault.
  
  * has_key() works on attrib. 'in' tests also work correctly on attrib.
  
  * INSTALL.txt was saying 2.2.16 instead of 2.6.16 as a supported
  libxml2 version, as it should.
  
  * Passing a UTF-8 encoded string to the XML() function would fail;
  fixed.

0.7

================
  
  Features added
  --------------
  
  * parameters (XPath expressions) can be passed to XSLT using keyword
  parameters.
  
  * Simple XInclude support. Calling the xinclude() method on a tree
  will process any XInclude statements in the document.
  
  * XMLSchema support. Use the XMLSchema class or the convenience
  xmlschema() method on a tree to do XML Schema (XSD) validation.
  
  * Added convenience xslt() method on tree. This is less efficient
  than the XSLT object, but makes it easier to write quick code.
  
  * Added convenience relaxng() method on tree. This is less efficient
  than the RelaxNG object, but makes it easier to write quick code.
  
  * Make it possible to use XPathEvaluator with elements as well. The
  XPathEvaluator in this case will retain the element so multiple
  XPath queries can be made against one element efficiently. This
  replaces the second argument to the .evaluate() method that existed
  previously.
  
  * Allow registerNamespace() to be called on an XPathEvaluator, after
  creation, to add additional namespaces. Also allow registerNamespaces(),
  which does the same for a namespace dictionary.
  
  * Add 'prefix' attribute to element to be able to read prefix information.
  This is entirely read-only.
  
  * It is possible to supply an extra nsmap keyword parameter to
  the Element() and SubElement() constructors, which supplies a
  prefix to namespace URI mapping. This will create namespace
  prefix declarations on these elements and these prefixes will show up
  in XML serialization.
  
  Bugs fixed
  ----------
  
  * Killed yet another memory management related bug: trees created
  using newDoc would not get a libxml2-level dictionary, which caused
  problems when deallocating these documents later if they contained a
  node that came from a document with a dictionary.
  
  * Moving namespaced elements between documents was problematic as
  references to the original document would remain. This has been fixed
  by applying xmlReconciliateNs() after each move operation.
  
  * Can pass None to 'dump()' without segfaults.
  
  * tostring() works properly for non-root elements as well.
  
  * Cleaned out the tostring() method so it should handle encoding
  correctly.
  
  * Cleaned out the ElementTree.write() method so it should handle encoding
  correctly. Writing directly to a file should also be faster, as there is no
  need to go through a Python string in that case. Made sure the test cases
  test both serializing to StringIO as well as serializing to a real file.

0.6

================
  
  Features added
  --------------
  
  * Changed setup.py so that library_dirs is also guessed. This should
  help with compilation on the Mac OS X platform, where otherwise the
  wrong library (shipping with the OS) could be picked up.
  
  * Tweaked setup.py so that it picks up the version from version.txt.
  
  Bugs fixed
  ----------
  
  * Do the right thing when handling namespaced attributes.
  
  * fix bug where tostring() moved nodes into new documents. tostring()
  had very nasty side-effects before this fix, sorry!

0.5.1

==================
  
  * Python 2.2 compatibility fixes.
  
  * unicode fixes in Element() and Comment() as well as XML(); unicode
  input wasn't properly being UTF-8 encoded.

0.5

================
  
  Initial public release.

Links

Releases