Changelogs » Defusedxml

PyUp Safety actively tracks 373,221 Python packages for vulnerabilities and notifies you when to upgrade.

Defusedxml

0.8.0.dev1

---------------------
  
  - Drop support for Python 2.7, 3.4, and 3.5.
  - Add ``defusedxml.ElementTree.fromstringlist()``
  - Fix regression ``defusedxml.ElementTree.ParseError`` (63)
  The ``ParseError`` exception is now the same class object as
  ``xml.etree.ElementTree.ParseError`` again.

0.7.0

----------------
  
  *Release date: 4-Mar-2021*
  
  - No changes

0.7.0rc2

-------------------
  
  *Release date: 12-Jan-2021*
  
  - Re-add and deprecate ``defusedxml.cElementTree``
  - Use GitHub Actions instead of TravisCI
  - Restore ``ElementTree`` attribute of ``xml.etree`` module after patching

0.7.0rc1

-------------------
  
  *Release date: 04-May-2020*
  
  - Add support for Python 3.9
  - ``defusedxml.cElementTree`` is not available with Python 3.9.
  - Python 2 is deprecate. Support for Python 2 will be removed in 0.8.0.

0.6.0

----------------
  
  *Release date: 17-Apr-2019*
  
  - Increase test coverage.
  - Add badges to README.

0.6.0rc1

-------------------
  
  *Release date: 14-Apr-2019*
  
  - Test on Python 3.7 stable and 3.8-dev
  - Drop support for Python 3.4
  - No longer pass *html* argument to XMLParse. It has been deprecated and
  ignored for a long time. The DefusedXMLParser still takes a html argument.
  A deprecation warning is issued when the argument is False and a TypeError
  when it's True.
  - defusedxml now fails early when pyexpat stdlib module is not available or
  broken.
  - defusedxml.ElementTree.__all__ now lists ParseError as public attribute.
  - The defusedxml.ElementTree and defusedxml.cElementTree modules had a typo
  and used XMLParse instead of XMLParser as an alias for DefusedXMLParser.
  Both the old and fixed name are now available.

0.5.0

----------------
  
  *Release date: 07-Feb-2017*
  
  - No changes

0.5.0.rc1

--------------------
  
  *Release date: 28-Jan-2017*
  
  - Add compatibility with Python 3.6
  - Drop support for Python 2.6, 3.1, 3.2, 3.3
  - Fix lxml tests (XMLSyntaxError: Detected an entity reference loop)

0.4.1

----------------
  
  *Release date: 28-Mar-2013*
  
  - Add more demo exploits, e.g. python_external.py and Xalan XSLT demos.
  - Improved documentation.

0.4

--------------
  
  *Release date: 25-Feb-2013*
  
  - As per http://seclists.org/oss-sec/2013/q1/340 please REJECT
  CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280 and use CVE-2013-1664,
  CVE-2013-1665 for OpenStack/etc.
  - Add missing parser_list argument to sax.make_parser(). The argument is
  ignored, though. (thanks to Florian Apolloner)
  - Add demo exploit for external entity attack on Python's SAX parser, XML-RPC
  and WebDAV.

0.3 not secure

--------------
  
  *Release date: 19-Feb-2013*
  
  - Improve documentation

0.2

--------------
  
  *Release date: 15-Feb-2013*
  
  - Rename ExternalEntitiesForbidden to ExternalReferenceForbidden
  - Rename defusedxml.lxml.check_dtd() to check_docinfo()
  - Unify argument names in callbacks
  - Add arguments and formatted representation to exceptions
  - Add forbid_external argument to all functions and classes
  - More tests
  - LOTS of documentation
  - Add example code for other languages (Ruby, Perl, PHP) and parsers (Genshi)
  - Add protection against XML and gzip attacks to xmlrpclib

0.1

--------------
  
  *Release date: 08-Feb-2013*
  
  - Initial and internal release for PSRT review