PyYaml not using Yaml 1.2?
Marko Rauhamaa
marko at pacujo.net
Fri Aug 4 18:03:27 EDT 2017
Lele Gaifax <lele at metapensiero.it>:
> leam hall <leamhall at gmail.com> writes:
>
>> Tracked down the GitHub repo (https://github.com/yaml/pyyaml) and it seems
>> to be gearing back up. I'll see what I can do to help.
>
> See also https://bitbucket.org/ruamel/yaml, a fork of PyYAML, it seems more
> actively maintained and already supports format 1.2.

BTW, happened to land on this blog posting that mentions a security
warning regarding PyYAML:

   A suggested fix is to always use yaml.safe_load for handling YAML
   serialization you can't trust. Still, the current PyYAML default
   feels somewhat provoking considering other serialization libraries
   tend to use dump/load function names for similar purposes, but in a
   safe manner.

   <URL: https://access.redhat.com/blogs/766093/posts/2592591>


Marko
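
The yaml.safe_load advice quoted above, as an added example that is not part of the original post or of PyYAML itself: it parses untrusted input with safe_load and lists any Python-specific tags from the node graph without constructing objects. The sample documents and the helper names `python_tags` and `load_untrusted` are constructed for illustration.

```python
import yaml  # PyYAML

PYTHON_TAG_PREFIX = "tag:yaml.org,2002:python/"

# Constructed sample inputs (not from the original post).
PLAIN_DOC = "name: demo\nports: [80, 443]\n"
TAGGED_DOC = "name: demo\ncwd: !!python/object/apply:os.getcwd []\n"


def python_tags(text):
    """List Python-specific tags in a document without constructing objects."""
    found, seen = [], set()
    # compose() stops at the node graph, so no tag constructor ever runs.
    stack = [yaml.compose(text, Loader=yaml.SafeLoader)]
    while stack:
        node = stack.pop()
        if node is None or id(node) in seen:  # empty input or recursive alias
            continue
        seen.add(id(node))
        if node.tag.startswith(PYTHON_TAG_PREFIX):
            found.append(node.tag[len("tag:yaml.org,2002:"):])
        if isinstance(node, yaml.SequenceNode):
            stack.extend(node.value)
        elif isinstance(node, yaml.MappingNode):
            for key, value in node.value:
                stack.extend((key, value))
    return found


def load_untrusted(text):
    """Parse untrusted YAML with safe_load; reject tags it has no constructor for."""
    try:
        return yaml.safe_load(text)
    except yaml.constructor.ConstructorError as exc:
        raise ValueError(f"rejected YAML: {exc.problem}") from exc


if __name__ == "__main__":
    print(load_untrusted(PLAIN_DOC))   # plain data loads as dict/list/str/int
    print(python_tags(TAGGED_DOC))     # tags worth logging before rejection
    try:
        load_untrusted(TAGGED_DOC)
    except ValueError as err:
        print(err)
```
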