Mercurial > p > roundup > code

diff CHANGES.txt @ 8237:57325fea9982

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml. defusedxml will be used to moneypatch the problematic client and server modules. Test added using an xml bomb.
author John Rouillard <rouilj@ieee.org>
date Sun, 29 Dec 2024 19:11:01 -0500
parents 32aaf5dc562b
children 6bd11a73f2ed
line wrap: on
line diff
--- a/CHANGES.txt	Mon Dec 23 21:10:54 2024 -0500
+++ b/CHANGES.txt	Sun Dec 29 19:11:01 2024 -0500
@@ -81,6 +81,9 @@
   Rouillard) 
 - added fuzz testing for some code. Found issue2551382 and
   others. (John Rouillard)
+- issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
+  Added support for defusedxml to better secure the xmlrpc
+  endpoint. (John Rouillard)
 
 2024-07-13 2.4.0
Roundup Issue Tracker: http://roundup-tracker.org/