21 Feb
2013
21 Feb
'13
3:25 a.m.
Am 20.02.2013 21:17, schrieb Maciej Fijalkowski:
On Wed, Feb 20, 2013 at 8:24 PM, Christian Heimes
wrote: Am 20.02.2013 17:25, schrieb Benjamin Peterson:
Are these going to become patches for Python, too?
I'm working on it. The patches need to be discussed as they break backward compatibility and AFAIK XML standards, too.
That's not very good. XML parsers are supposed to parse XML according to standards. Is the goal to have them actually do that, or just address DDOS issues?
But the standard is flawed. It's not a distributed DoS issue, it's a severe DoS vulnerabilities. A single 1 kB XML document can kill virtually any machine, even servers with more than hundred GB RAM.