From c85403b3bccb307082980c7fe67563fe0ae61d53 Mon Sep 17 00:00:00 2001
From: Daniel Parks
Date: Mon, 13 Apr 2026 10:34:41 -0700
Subject: [PATCH 1/3] CHANGELOG.md: add security note about recent PR.

---
 CHANGELOG.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f369edcc..6332bfe2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,18 @@ All notable changes to this project will be documented in this file.
 * Clarify examples in documentation and README.
 * Fix a few spelling mistakes in documentation.

+### Security
+
+* [RUSTSEC-2026-0097]: the [rand] crate was unsound in certain circumstances.
+ Htmlize depends on [rand] via [phf] and couldn’t trigger the unsoundness on
+ its own. Thanks to [MarkusPettersson98] for the [PR][#124]!
+
+[RUSTSEC-2026-0097]: https://rustsec.org/advisories/RUSTSEC-2026-0097
+[rand]: https://crates.io/crates/rand
+[phf]: https://crates.io/crates/phf
+[MarkusPettersson98]: https://github.com/MarkusPettersson98
+[#124]: https://github.com/danielparks/htmlize/pull/124
+
 ## Release 1.0.6 (2025-04-26)

 * Switch dependency from [paste], which is no longer maintained, to a new fork,
From b89ec59c7267ff25ae92a251cd9613f47f0f8f4c Mon Sep 17 00:00:00 2001
From: Daniel Parks
Date: Mon, 13 Apr 2026 10:54:10 -0700
Subject: [PATCH 2/3] Make `REPLACEMENT_CHAR_BYTES` public again.

---
 src/unescape/mod.rs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/unescape/mod.rs b/src/unescape/mod.rs
index ba642953..cf5642cc 100644
--- a/src/unescape/mod.rs
+++ b/src/unescape/mod.rs
@@ -233,3 +233,5 @@ pub mod internal;

 #[cfg(not(all(feature = "bench", not(doc))))]
 mod internal;
+
+pub use internal::REPLACEMENT_CHAR_BYTES;
From 35e2d112d60a2afd84e1c39dd58957317cbf5c50 Mon Sep 17 00:00:00 2001
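Review bot: The new `pub use internal::REPLACEMENT_CHAR_BYTES;` at the end of the src/unescape/mod.rs hunk carries no comment marking it as a deliberate part of the public API. The subject ("public again") suggests the constant has already dropped out of the API once, presumably when `internal` became private outside bench builds. I would put a line above it such as `// Public API: re-exported because the internal module is private outside bench builds; do not remove.` so a later reshuffle of the module layout does not hide it again. A test or doctest that names the constant through the crate's documented public path would turn a repeat into a build failure rather than a downstream semver break; that path is not visible from this hunk, and the rest of the file lies outside it.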
From: Daniel Parks
Date: Mon, 13 Apr 2026 10:57:02 -0700
Subject: [PATCH 3/3] Release 1.1.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Major performance improvements when unescaping text in many cases (for both the `unescape` and `unescape_fast` features).
* Major improvements in build time for the `unescape_fast` features (went from 8 seconds to 3 seconds on my laptop).
* Add `BARE_ENTITY_MAX_LENGTH` constant that contains the length of the longest entity without a semicolon (enabled with feature `entities`).
* Clarify examples in documentation and README.
* Fix a few spelling mistakes in documentation.

### Security

* [RUSTSEC-2026-0097]: the [rand] crate was unsound in certain circumstances. Htmlize depends on [rand] via [phf] and couldn’t trigger the unsoundness on its own. Thanks to [MarkusPettersson98] for the [PR][#124]!

[RUSTSEC-2026-0097]: https://rustsec.org/advisories/RUSTSEC-2026-0097
[rand]: https://crates.io/crates/rand
[phf]: https://crates.io/crates/phf
[MarkusPettersson98]: https://github.com/MarkusPettersson98
[#124]: https://github.com/danielparks/htmlize/pull/124
---
 CHANGELOG.md | 2 +-
 Cargo.lock | 2 +-
 Cargo.toml | 2 +-
 README.md | 22 +++++++++++-----------
 4 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6332bfe2..fea69b74 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,7 +2,7 @@

 All notable changes to this project will be documented in this file.

-## main branch
+## Release 1.1.0 (2026-04-13)

 * Major performance improvements when unescaping text in many cases (for both
 the `unescape` and `unescape_fast` features).
diff --git a/Cargo.lock b/Cargo.lock
index c8da361d..2151ef94 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -252,7 +252,7 @@ checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024"

 [[package]]
 name = "htmlize"
-version = "1.0.6"
+version = "1.1.0"
 dependencies = [
 "assert2",
 "criterion",
diff --git a/Cargo.toml b/Cargo.toml
index c45482a9..4529cc29 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "htmlize"
-version = "1.0.6"
+version = "1.1.0"
 authors = ["Daniel Parks "]
 description = "Correctly encode and decode HTML entities in UTF-8"
 homepage = "https://github.com/danielparks/htmlize"
diff --git a/README.md b/README.md
index e629fe2a..3a5aaab5 100644
--- a/README.md
+++ b/README.md
@@ -217,20 +217,20 @@ additional terms or conditions. [docs.rs]: https://docs.rs/htmlize/latest/htmlize/ [crates.io]: https://crates.io/crates/htmlize -[`escape_text()`]: https://docs.rs/htmlize/1.0.6/htmlize/fn.escape_text.html -[`escape_text_bytes()`]: https://docs.rs/htmlize/1.0.6/htmlize/fn.escape_text_bytes.html -[`escape_attribute()`]: https://docs.rs/htmlize/1.0.6/htmlize/fn.escape_attribute.html -[`escape_attribute_bytes()`]: https://docs.rs/htmlize/1.0.6/htmlize/fn.escape_attribute_bytes.html -[`escape_all_quotes()`]: https://docs.rs/htmlize/1.0.6/htmlize/fn.escape_all_quotes.html -[`escape_all_quotes_bytes()`]: https://docs.rs/htmlize/1.0.6/htmlize/fn.escape_all_quotes_bytes.html -[`unescape()`]: https://docs.rs/htmlize/1.0.6/htmlize/fn.unescape.html -[`unescape_attribute()`]: https://docs.rs/htmlize/1.0.6/htmlize/fn.unescape_attribute.html -[`unescape_in()`]: https://docs.rs/htmlize/1.0.6/htmlize/fn.unescape_in.html -[`unescape_bytes_in()`]: https://docs.rs/htmlize/1.0.6/htmlize/fn.unescape_bytes_in.html +[`escape_text()`]: https://docs.rs/htmlize/1.1.0/htmlize/fn.escape_text.html +[`escape_text_bytes()`]: https://docs.rs/htmlize/1.1.0/htmlize/fn.escape_text_bytes.html +[`escape_attribute()`]: https://docs.rs/htmlize/1.1.0/htmlize/fn.escape_attribute.html +[`escape_attribute_bytes()`]: https://docs.rs/htmlize/1.1.0/htmlize/fn.escape_attribute_bytes.html +[`escape_all_quotes()`]: https://docs.rs/htmlize/1.1.0/htmlize/fn.escape_all_quotes.html +[`escape_all_quotes_bytes()`]: https://docs.rs/htmlize/1.1.0/htmlize/fn.escape_all_quotes_bytes.html +[`unescape()`]: https://docs.rs/htmlize/1.1.0/htmlize/fn.unescape.html +[`unescape_attribute()`]: https://docs.rs/htmlize/1.1.0/htmlize/fn.unescape_attribute.html +[`unescape_in()`]: https://docs.rs/htmlize/1.1.0/htmlize/fn.unescape_in.html +[`unescape_bytes_in()`]: https://docs.rs/htmlize/1.1.0/htmlize/fn.unescape_bytes_in.html [`Cow`]: https://doc.rust-lang.org/std/borrow/enum.Cow.html [official WHATWG spec]: 
https://html.spec.whatwg.org/multipage/parsing.html#character-reference-state [phf]: https://crates.io/crates/phf -[features]: https://docs.rs/htmlize/1.0.6/htmlize/index.html#features +[features]: https://docs.rs/htmlize/1.1.0/htmlize/index.html#features [iai]: https://crates.io/crates/iai [criterion]: https://crates.io/crates/criterion [`cargo criterion`]: https://crates.io/crates/cargo-criterion