8000 [3.8] gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623) by hartwork · Pull Request #116275 · python/cpython · GitHub
[go: up one dir, main page]
Skip to content

[3.8] gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623) #116275

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Mar 6, 2024
Merged

[3.8] gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623) #116275

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
1110d3e
gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425)…
hartwork Feb 29, 2024
ad77f04
gh-115398: Suggest use of `hasattr` with checking for 3.13 Expat API …
hartwork Mar 6, 2024
7e19a6f
RESTify news API list.
gpshead Mar 4, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
gh-115398: Suggest use of hasattr with checking for 3.13 Expat API … 
…availability (GH-116278)

Suggest use of "hasattr" with checking for 3.13 Expat API availability

(cherry picked from commit 73807eb)
  • Loading branch information
@hartwork
hartwork committed Mar 6, 2024
commit ad77f04082d746a296b8bc7b7891c3f79bb7c813
5 changes: 5 additions & 0 deletions Doc/library/pyexpat.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -217,6 +217,11 @@ XMLParser Objects
Calling ``SetReparseDeferralEnabled(True)`` allows re-enabling reparse
deferral.

Note that :meth:`SetReparseDeferralEnabled` has been backported to some
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider eliding this first sentence within the 3.8 back port docs as it won't be backported further. The overall "check for availability" advice is valid regardless though.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@gpshead I'm unsure of better wording, it's not wrong technically and I see some value in having all branches agree on this text — my vote for keeping as is. If it's dear to you, I can change it. In that case please help me find better wording for 3.8.

prior releases of CPython as a security fix. Check for availability of
:meth:`SetReparseDeferralEnabled` using :func:`hasattr` if used in code
running across a variety of Python versions.

.. versionadded:: 3.8.19

.. method:: xmlparser.GetReparseDeferralEnabled()
Expand Down
10 changes: 10 additions & 0 deletions Doc/library/xml.etree.elementtree.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1367,6 +1367,11 @@ XMLParser Objects
Disabling reparse deferral has security consequences; please see
:meth:`xml.parsers.expat.xmlparser.SetReparseDeferralEnabled` for details.

Note that :meth:`flush` has been backported to some prior releases of
CPython as a security fix. Check for availability of :meth:`flush`
using :func:`hasattr` if used in code running across a variety of Python
versions.

.. versionadded:: 3.8.19


Expand Down Expand Up @@ -1440,6 +1445,11 @@ XMLPullParser Objects
Disabling reparse deferral has security consequences; please see
:meth:`xml.parsers.expat.xmlparser.SetReparseDeferralEnabled` for details.

Note that :meth:`flush` has been backported to some prior releases of
CPython as a security fix. Check for availability of :meth:`flush`
using :func:`hasattr` if used in code running across a variety of Python
versions.

.. versionadded:: 3.8.19

.. method:: close()
Expand Down
0