mirror of
https://github.com/github/codeql.git
synced 2026-03-06 23:56:48 +01:00
5 lines
275 B
Markdown
---
category: minorAnalysis
---
* Removed `lxml` as an XML bomb sink. The underlying libxml2 library now includes [entity reference loop detection](https://github.com/lxml/lxml/blob/f33ac2c2f5f9c4c4c1fc47f363be96db308f2fa6/doc/FAQ.txt#L1077) that prevents XML bomb attacks.