New submission from STINNER Victor <vstin...@python.org>:

The XML documentation starts with a red warning:

"Warning: The XML modules are not secure against erroneous or maliciously
constructed data. If you need to parse untrusted or unauthenticated data see
the XML vulnerabilities and The defusedxml Package sections."
https://docs.python.org/dev/library/xml.html

I suggest adding the same warning to the plistlib library, which uses the XML
parser internally to handle XML files.

----------
components: Library (Lib)
messages: 378707
nosy: vstinner
priority: normal
severity: normal
status: open
title: plistlib inherits XML vulnerabilities: we should document them
type: security
versions: Python 3.10, Python 3.8, Python 3.9

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue42051>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
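Added example, not part of the tracker message and not CPython code: one way a caller can guard plistlib against untrusted XML plists is to pre-scan the input with expat and refuse any entity declaration before handing the data to plistlib. The names `load_untrusted_plist`, `UnsafePlistError` and `MAX_PLIST_BYTES`, the size cap value, and both sample documents are assumptions constructed for this illustration.

```python
import plistlib
from xml.parsers import expat

MAX_PLIST_BYTES = 1_000_000  # assumed cap for this example; tune per application

# Constructed sample: ordinary XML plist with the usual external DOCTYPE.
GOOD_PLIST = (
    b'<?xml version="1.0" encoding="UTF-8"?>\n'
    b'<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" '
    b'"http://www.apple.com/DTDs/PropertyList-1.0.dtd">\n'
    b'<plist version="1.0"><dict><key>name</key>'
    b'<string>demo</string></dict></plist>\n'
)

# Constructed sample: declares one small entity in an internal DTD subset.
ENTITY_PLIST = (
    b'<?xml version="1.0" encoding="UTF-8"?>\n'
    b'<!DOCTYPE plist [<!ENTITY e "x">]>\n'
    b'<plist version="1.0"><string>&e;</string></plist>\n'
)


class UnsafePlistError(ValueError):
    """Raised when an untrusted plist is refused before plistlib sees it."""


def _refuse_entity_decl(name, is_parameter_entity, value, base,
                        system_id, public_id, notation_name):
    # expat calls this for every <!ENTITY ...> declaration. Raising here
    # aborts the parse before any reference to the entity is expanded.
    raise UnsafePlistError(f"entity declaration {name!r} not allowed in plist")


def load_untrusted_plist(data: bytes):
    """Parse a plist from an untrusted source (hypothetical helper)."""
    if len(data) > MAX_PLIST_BYTES:
        raise UnsafePlistError("plist exceeds size limit")
    # Binary plists are not handled by the XML parser, so only XML is scanned.
    if not data.startswith(b"bplist00"):
        scanner = expat.ParserCreate()
        scanner.EntityDeclHandler = _refuse_entity_decl
        try:
            scanner.Parse(data, True)
        except expat.ExpatError as exc:
            raise UnsafePlistError(f"not well-formed XML: {exc}") from exc
    return plistlib.loads(data)
```

Scanning with expat rather than searching the bytes for `<!ENTITY` means the check sees the document in whatever encoding the XML declaration names.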