Re: [Python-Dev] We cannot fix all issues: let's close XML security issues (not fix them)

Jakub Wilk 2018年9月07日 01:56:04 -0700

* Victor Stinner <[email protected]>, 2018年09月06日, 16:40:

I'm also dubious about PyYAML which allows to run arbitrary Python code in a configuration *by default*. But well, it seems like nobody stepped in to change the default.

PyYAML maintainers intend to change the default soon:
https://github.com/yaml/pyyaml/issues/207
--
Jakub Wilk
_______________________________________________
Python-Dev mailing list
[email protected]
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

• Previous message
• View by thread
• View by date
• Next message

• • • • • • • Re: [Python-Dev] Fwd: W... Victor Stinner
            • Re: [Python-Dev] Fwd: W... Abdur-Rahmaan Janhangeer
            • Re: [Python-Dev] Fwd: W... Christian Heimes
      • Re: [Python-Dev] We cannot fix all i... Guido van Rossum
      • • Re: [Python-Dev] We cannot fix a... Ryan Gonzalez
        • • Re: [Python-Dev] We cannot ... Simon Cross
          • Re: [Python-Dev] We cannot ... Tres Seaver
          • Re: [Python-Dev] We cannot ... Terry Reedy
        • Re: [Python-Dev] We cannot fix a... Christian Heimes
        • • Re: [Python-Dev] We cannot ... Victor Stinner
    • Re: [Python-Dev] We cannot fix all issue... Jakub Wilk
• Re: [Python-Dev] We cannot fix all issues: let's ... Abdur-Rahmaan Janhangeer
• Re: [Python-Dev] We cannot fix all issues: let's ... Christian Heimes