Since Python 2 and 3 are not compatible, we are little worried on doing the code change now. Is there any easy way to do the same? Also i could only see lxml 3.8.0 available only till python 3.4 for windows and it has only 2.9.3 libxml2 version and we required latest libxml2 which is 2.9.4. Kindly let us know if lxml windows installer is available for python 3.6. Also the steps to do the migration from Python 2 to Python3 without much code changes? Thanks.

Inline image 1

python installer that we use:
lxml --> (it comes with 2.9.0 version of libxml2)


On Tue, Sep 5, 2017 at 11:59 PM, Stefan Behnel <> wrote:

Swarnalatha Kannan schrieb am 05.09.2017 um 17:55:
> I would like to know if security vulnerabilities on libxml2 holds good for
> lxml. We are using in our project. After
> installation, I could only see .h files inside libxml fodler of lxml.
> (C:\Python27\Lib\site-packages\lxml\includes\libxml). I would like to know
> about the implementations of these header file functions. Because most of
> the vulnerabilities mentioned are part of .c files. Kindly get back.

The header files are only there for external code that wants to compile
against lxml. What you are interested in is the libxml2 version that the
Windows binaries include. You can look that up in lxml itself:

print("%-20s: %s" % ('lxml.etree', etree.LXML_VERSION))
print("%-20s: %s" % ('libxml used', etree.LIBXML_VERSION))
print("%-20s: %s" % ('libxml compiled', etree.LIBXML_COMPILED_VERSION))
print("%-20s: %s" % ('libxslt used', etree.LIBXSLT_VERSION))
print("%-20s: %s" % ('libxslt compiled', etree.LIBXSLT_COMPILED_VERSION))

lxml 3.3.4 is hugely old and probably comes with some 2.7.x version of
libxml2, maybe 2.7.8. These old versions have bugs that most likely include
security relevant ones.

I recomment switching to Python 3.5 or 3.6. The corresponding lxml wheels
for Windows come with more recent library versions.

Mailing list for the lxml Python XML toolkit -