diff doc/installation.txt @ 8237:57325fea9982

issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml. defusedxml will be used to monkeypatch the problematic client and server modules. Test added using an xml bomb.
author John Rouillard <rouilj@ieee.org>
date Sun, 29 Dec 2024 19:11:01 -0500
parents 3645ce5b3036
children 0d451fd19f1b
--- a/doc/installation.txt	Mon Dec 23 21:10:54 2024 -0500
+++ b/doc/installation.txt	Sun Dec 29 19:11:01 2024 -0500
@@ -255,6 +255,11 @@
   its TEMPLATE-INFO.txt file) you need
   to have the jinja2_ template engine installed.
 
+defusedxml
+  If you are going to enable and use the XMLRPC endpoint, you should
+  install the defusedxml_ module. It will still work with the default
+  xmlrpc standard library, but it will log a warning when used.
+
 .. _install/docutils:
 
 docutils
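
Review bot: The new defusedxml entry never says what an admin is exposed to without the module, and the "It" in "It will still work with the default xmlrpc standard library" reads as if it refers to defusedxml rather than the XMLRPC endpoint. Suggest naming the subject and giving the reason, for example that the standard library xmlrpc parser does not protect against XML bombs (the case the commit message says the new test covers), so the logged warning is read as a security warning and not a cosmetic one. The docutils entry that follows carries a ".. _install/docutils:" label while the new entry has none; add a matching label if other sections should be able to link to it.
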
@@ -2371,6 +2376,7 @@
 .. _apache: https://httpd.apache.org/
 .. _brotli: https://pypi.org/project/Brotli/
 .. _`developer's guide`: developers.html
+.. _defusedxml: https://pypi.org/project/defusedxml/
 .. _docutils: https://pypi.org/project/docutils/
 .. _flup: https://pypi.org/project/flup/
 .. _gpg: https://www.gnupg.org/software/gpgme/index.html
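
Review bot: The added ".. _defusedxml:" target is placed after ".. _`developer's guide`:", which breaks the alphabetical order the surrounding targets follow (apache, brotli, ..., docutils, flup, gpg), since "def" sorts before "dev". Suggest moving it up one line, between the brotli and developer's guide targets.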

Roundup Issue Tracker: http://roundup-tracker.org/