1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
|
Changelog
=========
defusedxml 0.8.0.dev1
---------------------
- Drop support for Python 2.7, 3.4, and 3.5.
- Officially support Python 3.10.
- Add ``defusedxml.ElementTree.fromstringlist()``
- Fix regression ``defusedxml.ElementTree.ParseError`` (#63)
The ``ParseError`` exception is now the same class object as
``xml.etree.ElementTree.ParseError`` again.
defusedxml 0.7.0
----------------
*Release date: 4-Mar-2021*
- No changes
defusedxml 0.7.0rc2
-------------------
*Release date: 12-Jan-2021*
- Re-add and deprecate ``defusedxml.cElementTree``
- Use GitHub Actions instead of TravisCI
- Restore ``ElementTree`` attribute of ``xml.etree`` module after patching
defusedxml 0.7.0rc1
-------------------
*Release date: 04-May-2020*
- Add support for Python 3.9
- ``defusedxml.cElementTree`` is not available with Python 3.9.
- Python 2 is deprecate. Support for Python 2 will be removed in 0.8.0.
defusedxml 0.6.0
----------------
*Release date: 17-Apr-2019*
- Increase test coverage.
- Add badges to README.
defusedxml 0.6.0rc1
-------------------
*Release date: 14-Apr-2019*
- Test on Python 3.7 stable and 3.8-dev
- Drop support for Python 3.4
- No longer pass *html* argument to XMLParse. It has been deprecated and
ignored for a long time. The DefusedXMLParser still takes a html argument.
A deprecation warning is issued when the argument is False and a TypeError
when it's True.
- defusedxml now fails early when pyexpat stdlib module is not available or
broken.
- defusedxml.ElementTree.__all__ now lists ParseError as public attribute.
- The defusedxml.ElementTree and defusedxml.cElementTree modules had a typo
and used XMLParse instead of XMLParser as an alias for DefusedXMLParser.
Both the old and fixed name are now available.
defusedxml 0.5.0
----------------
*Release date: 07-Feb-2017*
- No changes
defusedxml 0.5.0.rc1
--------------------
*Release date: 28-Jan-2017*
- Add compatibility with Python 3.6
- Drop support for Python 2.6, 3.1, 3.2, 3.3
- Fix lxml tests (XMLSyntaxError: Detected an entity reference loop)
defusedxml 0.4.1
----------------
*Release date: 28-Mar-2013*
- Add more demo exploits, e.g. python_external.py and Xalan XSLT demos.
- Improved documentation.
defusedxml 0.4
--------------
*Release date: 25-Feb-2013*
- As per http://seclists.org/oss-sec/2013/q1/340 please REJECT
CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280 and use CVE-2013-1664,
CVE-2013-1665 for OpenStack/etc.
- Add missing parser_list argument to sax.make_parser(). The argument is
ignored, though. (thanks to Florian Apolloner)
- Add demo exploit for external entity attack on Python's SAX parser, XML-RPC
and WebDAV.
defusedxml 0.3
--------------
*Release date: 19-Feb-2013*
- Improve documentation
defusedxml 0.2
--------------
*Release date: 15-Feb-2013*
- Rename ExternalEntitiesForbidden to ExternalReferenceForbidden
- Rename defusedxml.lxml.check_dtd() to check_docinfo()
- Unify argument names in callbacks
- Add arguments and formatted representation to exceptions
- Add forbid_external argument to all functions and classes
- More tests
- LOTS of documentation
- Add example code for other languages (Ruby, Perl, PHP) and parsers (Genshi)
- Add protection against XML and gzip attacks to xmlrpclib
defusedxml 0.1
--------------
*Release date: 08-Feb-2013*
- Initial and internal release for PSRT review
|
