8000 [3.7] bpo-17239: Disable external entities in SAX parser (GH-9217) by tiran · Pull Request #9511 · python/cpython · GitHub
[go: up one dir, main page]
Skip to content

[3.7] bpo-17239: Disable external entities in SAX parser (GH-9217) #9511

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 24, 2018
Merged

[3.7] bpo-17239: Disable external entities in SAX parser (GH-9217) #9511

merged 1 commit into from
Sep 24, 2018

Conversation

tiran
Copy link
Member
@tiran tiran commented Sep 23, 2018
edited by bedevere-bot
Loading

The SAX parser no longer processes general external entities by default
to increase security. Before, the parser created network connections
to fetch remote files or loaded local files from the file system for DTD
and entities.

Signed-off-by: Christian Heimes christian@python.org

https://bugs.python.org/issue17239.
(cherry picked from commit 17b1d5d)

Co-authored-by: Christian Heimes christian@python.org

https://bugs.python.org/issue17239

@bedevere-bot bedevere-bot added the type-security A security issue label Sep 23, 2018
@bedevere-bot bedevere-bot mentioned this pull request Sep 23, 2018
Merged
@tiran
[3.7] bpo-17239: Disable external entities in SAX parser (pythonGH-9217)
018fd09 
The SAX parser no longer processes general external entities by default
to increase security. Before, the parser created network connections
to fetch remote files or loaded local files from the file system for DTD
and entities.

Signed-off-by: Christian Heimes <christian@python.org>

https://bugs.python.org/issue17239.
(cherry picked from commit 17b1d5d)

Co-authored-by: Christian Heimes <christian@python.org>
@tiran tiran force-pushed the backport-17b1d5d-3.7 branch from 933739f to 018fd09 Compare September 23, 2018 08:00
@miss-islington miss-islington merged commit 394e55a into python:3.7 Sep 24, 2018
@gpshead gpshead mentioned this pull request Apr 10, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
type-security A security issue
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@tiran @the-knights-who-say-ni @bedevere-bot @miss-islington
0