Roundup Tracker - Issues

Message7837

Author rouilj
Recipients rouilj
Date 2023-09-30.23:46:17
Message-id <1696117577.92.0.252110767122.issue2551116@roundup.psfhosted.org>
In-reply-to

https://discuss.python.org/t/status-of-defusedxml-and-recommendation-in-docs/34762/6

discusses using lxml as replacement for defusedxml as defusedxml had no updates
in two years until two days ago 8-).

lxml also has a faq for security issues:
   https://lxml.de/FAQ.html#is-lxml-vulnerable-to-xml-bombs

but an item lower in the faq references defusedxml as a wrapper for lxml.

defusedxml 0.8.0b was released on 9/28/2023. So looks like defusedxml with a
system supplied libexpat of 2.4.0 or newer is the best route. This means
python 3.7 or newer for the newer libexpat IIUC.
History
Date                 User    Action  Args
2023-09-30 23:46:17  rouilj  set     messageid: <1696117577.92.0.252110767122.issue2551116@roundup.psfhosted.org>
2023-09-30 23:46:17  rouilj  set     recipients: + rouilj
2023-09-30 23:46:17  rouilj  link    issue2551116 messages
2023-09-30 23:46:17  rouilj  create
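
A startup check and parse wrapper for the route recommended in the message above (defusedxml on top of a libexpat of 2.4.0 or newer), given as an added example that is not part of the original message or of Roundup's code. The helper names, the stdlib fallback that pre-scans with expat, and the sample documents are assumptions made for illustration.

```python
import importlib.util
import xml.etree.ElementTree as StdET
from xml.parsers import expat

MIN_EXPAT = (2, 4, 0)  # threshold named in the message above


def expat_new_enough(version=None):
    """True if libexpat (the linked one by default) is at least MIN_EXPAT."""
    return tuple(version or expat.version_info) >= MIN_EXPAT


def have_defusedxml():
    """True if the defusedxml package can be imported."""
    return importlib.util.find_spec("defusedxml") is not None


def _reject_entity(*_args):
    # Called by expat for every <!ENTITY ...> declaration in the DTD.
    raise ValueError("entity declaration rejected")


def safe_fromstring(data):
    """Parse untrusted XML bytes, refusing any entity declaration."""
    if have_defusedxml():
        from defusedxml import ElementTree as DefusedET
        # forbid_entities=True is the default; raises a ValueError subclass.
        return DefusedET.fromstring(data)
    # Fallback (assumption, not defusedxml itself): scan once with expat and
    # abort on the first entity declaration, then parse with the stdlib.
    scanner = expat.ParserCreate()
    scanner.EntityDeclHandler = _reject_entity
    scanner.Parse(data, True)
    return StdET.fromstring(data)


# Constructed sample inputs: one plain document, one declaring a single
# harmless internal entity (enough to exercise the rejection path).
PLAIN = b"<issue><title>ok</title></issue>"
WITH_ENTITY = b'<!DOCTYPE issue [<!ENTITY e "x">]><issue>&e;</issue>'

if __name__ == "__main__":
    print("linked libexpat:", expat.EXPAT_VERSION)
    print("libexpat >= 2.4.0:", expat_new_enough())
    print("defusedxml installed:", have_defusedxml())
    print("plain root tag:", safe_fromstring(PLAIN).tag)
    try:
        safe_fromstring(WITH_ENTITY)
    except ValueError as exc:
        print("rejected:", type(exc).__name__)
```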