[Python-Dev] We cannot fix all issues: let's close XML security issues (not fix them)

Jakub Wilk jwilk at jwilk.net
Fri Sep 7 04:33:22 EDT 2018

* Victor Stinner <vstinner at redhat.com>, 2018-09-06, 16:40:
>I'm also dubious about PyYAML which allows to run arbitrary Python code 
>in a configuration *by default*. But well, it seems like nobody stepped 
>in to change the default.

PyYAML maintainers intend to change the default soon:

Jakub Wilk

More information about the Python-Dev mailing list