]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ddc163d) | patch
[3.7] bpo-17239: Disable external entities in SAX parser (GH-9217) (GH-9511)
authorChristian Heimes <christian@python.org>
Mon, 24 Sep 2018 12:38:37 +0000 (14:38 +0200)
committerMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Mon, 24 Sep 2018 12:38:37 +0000 (05:38 -0700)
commit394e55a9279d17240ef6fe85d3b4ea3fe7b6dff5
tree2145116812df54659a7dd66f7b13d718472db531tree | snapshot
parentddc163df25191af5bf8000091dbf8f6500b1d7c9commit | diff
[3.7] bpo-17239: Disable external entities in SAX parser (GH-9217) (GH-9511)

The SAX parser no longer processes general external entities by default
to increase security. Before, the parser created network connections
to fetch remote files or loaded local files from the file system for DTD
and entities.

Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue17239.
(cherry picked from commit 17b1d5d4e36aa57a9b25a0e694affbd1ee637e45)

Co-authored-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue17239
Doc/library/xml.dom.pulldom.rst diff | blob | blame | history
Doc/library/xml.rst diff | blob | blame | history
Doc/library/xml.sax.rst diff | blob | blame | history
Doc/whatsnew/3.7.rst diff | blob | blame | history
Lib/test/test_pulldom.py diff | blob | blame | history
Lib/test/test_sax.py diff | blob | blame | history
Lib/test/test_xml_etree.py diff | blob | blame | history
Lib/xml/sax/expatreader.py diff | blob | blame | history
Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst [new file with mode: 0644] blob
Mirror of https://github.com/python/cpython.git