Saw libexpat/expat/Changes at master · libexpat/libexpat and Unfixed non-public security issues · Issue #1160 · libexpat/libexpat.
Should that raise alarms, given that a copy of libexpat is bundled when not built against the OS-provided version?
2 Likes