On 27 September 2016 at 19:19, Sean Dague <s...@dague.net> wrote: > On 09/27/2016 01:24 PM, Travis McPeak wrote: > > There are several attacks (https://pypi.python.org/pypi/defusedxml#id3) > > that can be performed when XML is parsed from untrusted input. > > DefusedXML offers safe alternatives to XML parsing libraries but is not > > currently part of global requirements. > > > > I propose adding DefusedXML to global requirements so that projects have > > an option for safe XML parsing. Does anybody have any thoughts or > > objections? > > Out of curiosity, are there specific areas of concern in existing > projects here? Most projects have dropped XML API support. > > Outbound XML datasources which are parsed still used with at least nova vmware support and multiple cinder drivers.
openstack/ec2-api is still providing an xml api service? -- Kind Regards, Dave Walker
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
