Use defusedxml to parse potentially untrusted XML #708

Merged
merged 1 commit into from
Nov 29, 2017


takluyver
Member

Untrusted XML data can cause havoc with unprepared parsers. I'm not sure whether our default templates are vulnerable to this, but it makes sense for the filters to be defensive in handling it.

Closes gh-706
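
The defensive handling described above, as an added example that is not code from this pull request or the project: the same constructed SVG-like document is parsed once with the standard library and once with `defusedxml`, which refuses documents that declare entities. The function names and sample documents are hypothetical, and the third-party `defusedxml` package is assumed to be installed.

```python
import xml.etree.ElementTree as StdET

from defusedxml import DefusedXmlException
from defusedxml.ElementTree import fromstring as safe_fromstring

# Constructed samples (not taken from the project).
# The second one declares a single internal entity in its DTD.
PLAIN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><title>plot</title></svg>'
ENTITY_SVG = (
    '<?xml version="1.0"?>'
    '<!DOCTYPE svg [<!ENTITY label "expanded by the parser">]>'
    '<svg xmlns="http://www.w3.org/2000/svg"><title>&label;</title></svg>'
)
SVG_TITLE = "{http://www.w3.org/2000/svg}title"


def title_with_stdlib(xml_text):
    """Unprepared parser: entity declarations in the input are expanded."""
    return StdET.fromstring(xml_text).find(SVG_TITLE).text


def title_defensively(xml_text):
    """Hypothetical filter helper: return the title, or None if the input
    is malformed or uses XML features that defusedxml forbids."""
    try:
        root = safe_fromstring(xml_text)
    except DefusedXmlException:
        # Raised for entity declarations and external references.
        return None
    except StdET.ParseError:
        # Not well-formed XML at all.
        return None
    title = root.find(SVG_TITLE)
    return None if title is None else title.text


if __name__ == "__main__":
    for name, doc in (("plain", PLAIN_SVG), ("entity", ENTITY_SVG)):
        print(name, "| stdlib:", repr(title_with_stdlib(doc)),
              "| defused:", repr(title_defensively(doc)))
```
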

@Danorcohen

Looks good :)

Do you have an estimated release date for 5.4?
Thanks!!

@takluyver
Member Author

Thanks. We're working towards a new release, but it may be a few weeks.

@takluyver takluyver merged commit 3e203ce into jupyter:master Nov 29, 2017
@takluyver takluyver deleted the defusedxml branch November 29, 2017 12:54
@westurner

westurner commented Feb 10, 2019

Gitflow and Hubflow have 'hotfix' branches off of the release branch for exactly this problem.

You can branch off the release branch, cherry pick the security patch, bump the version, merge back to the release branch, and cut a release without having to release all of the pending new features on the develop branch.

https://datasift.github.io/gitflow/GitFlowForGitHub.html#9-creating-hotfixes

From https://datasift.github.io/gitflow/IntroducingGitFlow.html :

GitFlow Hotfix Branch
