[Python-Dev] We cannot fix all issues: let's close XML security issues (not fix them)
Jakub Wilk
jwilk at jwilk.net
Fri Sep 7 04:33:22 EDT 2018
* Victor Stinner <vstinner at redhat.com>, 2018-09-06, 16:40:
>I'm also dubious about PyYAML which allows to run arbitrary Python code
>in a configuration *by default*. But well, it seems like nobody stepped
>in to change the default.
PyYAML maintainers intend to change the default soon:
https://github.com/yaml/pyyaml/issues/207
--
Jakub Wilk
More information about the Python-Dev
mailing list