cpython

mirror of https://github.com/python/cpython.git synced 2025-10-29 04:35:05 +00:00

History

Sebastian Pipping 6a95676bb5 gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623) Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods: - `xml.etree.ElementTree.XMLParser.flush` - `xml.etree.ElementTree.XMLPullParser.flush` - `xml.parsers.expat.xmlparser.GetReparseDeferralEnabled` - `xml.parsers.expat.xmlparser.SetReparseDeferralEnabled` - `xml.sax.expatreader.ExpatParser.flush` Based on the "flush" idea from https://github.com/python/cpython/pull/115138#issuecomment-1932444270 . ### Notes - Please treat as a security fix related to CVE-2023-52425. Includes code suggested-by: Snild Dolkow <snild@sony.com> and by core dev Serhiy Storchaka.		2024-02-29 14:52:50 -08:00
..
__init__.py	gh-99482: remove `jython` compatibility parts from stdlib and tests (#99484 )	2022-12-23 14:17:24 -06:00
_exceptions.py	gh-99482: remove `jython` compatibility parts from stdlib and tests (#99484 )	2022-12-23 14:17:24 -06:00
expatreader.py	gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623)	2024-02-29 14:52:50 -08:00
handler.py
saxutils.py
xmlreader.py	bpo-45975: Simplify some while-loops with walrus operator (GH-29347)	2022-11-26 14:33:25 -08:00