cpython/Doc/whatsnew
Sebastian Pipping 6a95676bb5
gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623)
Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:

- `xml.etree.ElementTree.XMLParser.flush`
- `xml.etree.ElementTree.XMLPullParser.flush`
- `xml.parsers.expat.xmlparser.GetReparseDeferralEnabled`
- `xml.parsers.expat.xmlparser.SetReparseDeferralEnabled`
- `xml.sax.expatreader.ExpatParser.flush`

Based on the "flush" idea from https://github.com/python/cpython/pull/115138#issuecomment-1932444270 .

### Notes

- Please treat as a security fix related to CVE-2023-52425.

Includes code suggested-by: Snild Dolkow <snild@sony.com>
and by core dev Serhiy Storchaka.
2024-02-29 14:52:50 -08:00
..
2.0.rst gh-101100: Fix Sphinx warnings in `whatsnew/2.0.rst` (#112351) 2024-02-25 02:45:56 -07:00
2.1.rst gh-101100: Fix Sphinx warnings in `whatsnew/2.1.rst` (#112357) 2024-02-25 23:49:04 -07:00
2.2.rst gh-101100: Fix Sphinx warnings from PEP 3108 stdlib re-organisation (#114327) 2024-02-04 09:45:35 +00:00
2.3.rst gh-113664: Improve style of Big O notation (GH-113695) 2024-01-10 15:01:18 +02:00
2.4.rst gh-101100: Fix Sphinx warnings from PEP 3108 stdlib re-organisation (#114327) 2024-02-04 09:45:35 +00:00
2.5.rst gh-101100: Fix Sphinx warnings from PEP 3108 stdlib re-organisation (#114327) 2024-02-04 09:45:35 +00:00
2.6.rst gh-100734: What's New in 3.x: Add missing detail from 3.x branch (#114689) 2024-02-15 17:32:33 +02:00
2.7.rst Docs: mark up NotImplemented using the :data: role throughout the docs (#116135) 2024-02-29 20:46:12 +00:00
3.0.rst gh-101100: Fix Sphinx warnings from PEP 3108 stdlib re-organisation (#114327) 2024-02-04 09:45:35 +00:00
3.1.rst gh-101100: Fix Sphinx warnings in `whatsnew/3.1.rst` (#115575) 2024-02-17 02:39:07 -07:00
3.2.rst gh-101100: Fix Sphinx warnings in `whatsnew/3.2.rst` (#115580) 2024-02-17 03:03:20 -07:00
3.3.rst gh-113664: Improve style of Big O notation (GH-113695) 2024-01-10 15:01:18 +02:00
3.4.rst Docs: mark up NotImplemented using the :data: role throughout the docs (#116135) 2024-02-29 20:46:12 +00:00
3.5.rst gh-101100: Fix Sphinx warnings from PEP 3108 stdlib re-organisation (#114327) 2024-02-04 09:45:35 +00:00
3.6.rst gh-100734: What's New in 3.x: Add missing detail from 3.x branch (#114689) 2024-02-15 17:32:33 +02:00
3.7.rst gh-100734: What's New in 3.x: Add missing detail from 3.x branch (#114689) 2024-02-15 17:32:33 +02:00
3.8.rst gh-100734: What's New in 3.x: Add missing detail from 3.x branch (#114689) 2024-02-15 17:32:33 +02:00
3.9.rst Docs: mark up NotImplemented using the :data: role throughout the docs (#116135) 2024-02-29 20:46:12 +00:00
3.10.rst Docs: mark up NotImplemented using the :data: role throughout the docs (#116135) 2024-02-29 20:46:12 +00:00
3.11.rst gh-100734: Add 'Notable change in 3.11.x' to `whatsnew/3.11.rst` (#114657) 2024-01-28 20:28:25 +00:00
3.12.rst gh-100734: What's New in 3.x: Add missing detail from 3.x branch (#114689) 2024-02-15 17:32:33 +02:00
3.13.rst gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623) 2024-02-29 14:52:50 -08:00
changelog.rst Include additional changes to support blurbified NEWS (#3340) 2017-09-05 00:46:18 -07:00
index.rst Fix whatsnew for 3.13. (GH-104756) 2023-05-22 16:05:27 -04:00