author Christian Heimes <christian@python.org> 2018-09-24 14:38:31 +0200
committer Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> 2018-09-24 05:38:31 -0700
commit 582d188e6e3487180891f1fc457a80dec8be26a8
tree 0080016b5033cc4393f90ec10f4aeeeccedfe373 /Misc/NEWS.d/next/Security
parent bpo-34548: IDLE: use configured theme colors in TextView (GH-9008)
[3.6] bpo-17239: Disable external entities in SAX parser (GH-9217) (GH-9512)
The SAX parser no longer processes general external entities by default to increase security. Before, the parser created network connections to fetch remote files or loaded local files from the file system for DTD and entities.

Signed-off-by: Christian Heimes <christian@python.org>

https://bugs.python.org/issue17239.
(cherry picked from commit 17b1d5d4e36aa57a9b25a0e694affbd1ee637e45)

Co-authored-by: Christian Heimes <christian@python.org>

https://bugs.python.org/issue17239
Diffstat (limited to 'Misc/NEWS.d/next/Security')
-rw-r--r-- Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst | 3
1 files changed, 3 insertions, 0 deletions
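A regression check for the default described in the commit message, added here as an example and not part of the commit or of CPython's test suite. The names `RecordingResolver`, `ElementNames` and `probe`, the sample document and its placeholder SYSTEM identifier are constructed for illustration; the resolver answers from memory, so nothing is fetched in either mode.

```python
import io
import xml.sax
from xml.sax.handler import ContentHandler, EntityResolver, feature_external_ges
from xml.sax.xmlreader import InputSource

# Constructed sample: the SYSTEM identifier is a placeholder and is never fetched.
DOC = (
    b'<!DOCTYPE doc [\n'
    b'  <!ENTITY ext SYSTEM "http://example.invalid/ext.xml">\n'
    b']>\n'
    b'<doc>&ext;</doc>'
)


class RecordingResolver(EntityResolver):
    """Records every lookup the parser requests and answers from memory."""

    def __init__(self):
        self.requests = []

    def resolveEntity(self, publicId, systemId):
        self.requests.append(systemId)
        source = InputSource(systemId)
        source.setByteStream(io.BytesIO(b"<resolved/>"))
        return source


class ElementNames(ContentHandler):
    """Collects the names of all elements the parser reports."""

    def __init__(self):
        super().__init__()
        self.names = []

    def startElement(self, name, attrs):
        self.names.append(name)


def probe(enable_external_ges=None):
    """Parse DOC; None keeps the runtime's default for feature_external_ges."""
    parser = xml.sax.make_parser()
    if enable_external_ges is not None:
        parser.setFeature(feature_external_ges, enable_external_ges)
    resolver, handler = RecordingResolver(), ElementNames()
    parser.setEntityResolver(resolver)
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(DOC))
    return {"external_ges": bool(parser.getFeature(feature_external_ges)),
            "lookups": resolver.requests, "elements": handler.names}
```

On a runtime that carries this change, `probe()` reports no resolver lookups and only the `doc` element; `probe(True)` shows what an application re-enables when it turns the feature back on.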
diff --git a/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst b/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst
new file mode 100644
index 00000000000..8dd0fe8c1b5
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst
@@ -0,0 +1,3 @@
+The xml.sax and xml.dom.minidom parsers no longer processes external
+entities by default. External DTD and ENTITY declarations no longer
+load files or create network connections.
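Review bot: subject-verb agreement in the first added line of the NEWS entry: "parsers no longer processes" should read "parsers no longer process". The entry also says "external entities" where the commit message says "general external entities", and it names xml.dom.minidom, which the commit message does not mention; align the wording so readers can tell exactly which entity kinds and which parsers changed. Consider adding a sentence on how code that relied on the old behaviour can opt back in, since the entry describes a change of default.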