Stowage/cpython
2
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-10-23 01:43:53 +00:00
Code Issues Projects Releases Packages Wiki Activity
cpython/Lib/xml
History
Sebastian Pipping 6a95676bb5
gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623) 
Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:

- `xml.etree.ElementTree.XMLParser.flush`
- `xml.etree.ElementTree.XMLPullParser.flush`
- `xml.parsers.expat.xmlparser.GetReparseDeferralEnabled`
- `xml.parsers.expat.xmlparser.SetReparseDeferralEnabled`
- `xml.sax.expatreader.ExpatParser.flush`

Based on the "flush" idea from https://github.com/python/cpython/pull/115138#issuecomment-1932444270 .

### Notes

- Please treat as a security fix related to CVE-2023-52425.

Includes code suggested-by: Snild Dolkow <snild@sony.com>
and by core dev Serhiy Storchaka.
2024-02-29 14:52:50 -08:00
..
dom gh-50002: xml.dom.minidom now preserves whitespaces in attributes (GH-107947) 2023-08-23 15:23:41 +03:00
etree gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623) 2024-02-29 14:52:50 -08:00
parsers remove __version__s dependent on subversion keyword expansion (closes #12221) 2011-05-31 20:52:17 -05:00
sax gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623) 2024-02-29 14:52:50 -08:00
__init__.py Stop trying to use _xmlplus in the xml module. Closes #11164. 2011-05-09 08:05:43 +02:00