[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Python-Dev] We cannot fix all issues: let's close XML security issues (not fix them)


* Victor Stinner <vstinner at redhat.com>, 2018-09-06, 16:40:
>I'm also dubious about PyYAML which allows to run arbitrary Python code 
>in a configuration *by default*. But well, it seems like nobody stepped 
>in to change the default.

PyYAML maintainers intend to change the default soon:
https://github.com/yaml/pyyaml/issues/207

-- 
Jakub Wilk