hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Added change note for python

Browse Source
This commit is contained in:
Napalys Klicius
2025-07-15 09:57:02 +02:00
parent 638f6498f0
commit ea93b392f7
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
python/ql/lib/change-notes/2025-07-15-xml-bomb-sinks-python.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Removed `lxml` as an XML bomb sink. The underlying libxml2 library now includes [entity reference loop detection](https://github.com/lxml/lxml/blob/f33ac2c2f5f9c4c4c1fc47f363be96db308f2fa6/doc/FAQ.txt#L1077) that prevents XML bomb attacks.