authorFederico Mena Quintero <federico@gnome.org>2020-02-25 16:57:00 -0600
committerFederico Mena Quintero <federico@gnome.org>2020-02-25 16:57:00 -0600
commit6c1c962f063f36b6c317e08af5af77a861e789ae (patch)
treef7be2dbf582fdffa8413024b51d04fb63a22c3af
parentde06fe850890ed9e4f84ce8225bf165f861a9364 (diff)
downloadlibrsvg-2.42.8.tar.gz
Bump version to 2.42.82.42.8
-rw-r--r--NEWS10
-rw-r--r--configure.ac2
2 files changed, 11 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 6e598068..93bb40c7 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,13 @@
+Version 2.42.8
+- CVE-2019-20446 - Backport the following fixes from 2.46.x:
+
+- #515 - Librsvg now has limits on the number of loaded XML elements,
+ and the number of referenced elements within an SVG document. This
+ is to mitigate malicious SVGs which try to consume all memory, and
+ those which try to consume an exponential amount of CPU time.
+
+- #308 - Fix stack exhaustion with circular references in <use> elements.
+
Version 2.42.7
- #323 - Fix a denial-of-service condition from exponential explosion
of rendered elements, through nested use of SVG "use" elements in
diff --git a/configure.ac b/configure.ac
index 6a24c4a2..b3ab87db 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,6 +1,6 @@
m4_define([rsvg_major_version],[2])
m4_define([rsvg_minor_version],[42])
-m4_define([rsvg_micro_version],[7])
+m4_define([rsvg_micro_version],[8])
m4_define([rsvg_extra_version],[])
m4_define([rsvg_version],[rsvg_major_version.rsvg_minor_version.rsvg_micro_version()rsvg_extra_version])
m4_define([rsvg_lt_version_info],m4_eval(rsvg_major_version + rsvg_minor_version):rsvg_micro_version:rsvg_minor_version)