Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

gh-115399: Document CVE-2023-52425 under "XML vulnerabilities" #115400

Merged

Conversation

hartwork
Copy link
Contributor

@hartwork hartwork commented Feb 13, 2024

Loosely related to #115399

A dedicated issue didn't seem needed here, but I can create one, if you consider it needed.


📚 Documentation preview 📚: https://cpython-previews--115400.org.readthedocs.build/

@bedevere-app bedevere-app bot added awaiting review docs Documentation in the Doc dir labels Feb 13, 2024
@hartwork hartwork mentioned this pull request Feb 14, 2024
28 tasks
@sethmlarson sethmlarson added needs backport to 3.8 needs backport to 3.9 only security fixes needs backport to 3.10 only security fixes needs backport to 3.11 only security fixes needs backport to 3.12 bug and security fixes labels Feb 14, 2024
@sethmlarson
Copy link
Contributor

@hartwork Looks like CI is failing, the news fragment name appears to not be the correct format?

@ambv I'm not sure if docs changes like this get backported to security-only branches?

@hartwork
Copy link
Contributor Author

hartwork commented Feb 14, 2024

@hartwork Looks like CI is failing, the news fragment name appears to not be the correct format?

@sethmlarson yes, I I wish I knew what the correct file naming is for when there is no GitHub issue, that case seems to be undocumented or hard to find. Any ideas how to rename the file or where to find the related blurp docs? Googling for e.g. "blurp without github issue" doesn't get me anyhere.

@ambv I'm not sure if docs changes like this get backported to security-only branches?

If I may add: this docs extension is security related. Please take my vote for backporting to security-only branches (unless I am missing good reasons not to). If it ends up producing merge conflicts, I can see if I can help with resolving them if reasonably economic. Thanks!

@sethmlarson
Copy link
Contributor

@hartwork The tool is "blurb" I think, also you can use #115399 for the GitHub issue.

@hartwork
Copy link
Contributor Author

you can use #115399 for the GitHub issue.

@sethmlarson good idea, give me a second…

@hartwork hartwork force-pushed the document-cve-2023-52425-under-xml-vulnerabilities branch from 0b5365b to 3021d11 Compare February 14, 2024 19:17
@hartwork hartwork changed the title Doc/library/xml.rst: Document CVE-2023-52425 under "XML vulnerabilities" gh-115399: Document CVE-2023-52425 under "XML vulnerabilities" Feb 14, 2024
@ambv ambv merged commit fbd40ce into python:main Feb 21, 2024
23 checks passed
@miss-islington-app
Copy link

Thanks @hartwork for the PR, and @ambv for merging it 🌮🎉.. I'm working now to backport this PR to: 3.8, 3.9, 3.10, 3.11, 3.12.
🐍🍒⛏🤖

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Feb 21, 2024
…ythonGH-115400)

Doc/library/xml.rst: Document CVE-2023-52425 under "XML vulnerabilities"
(cherry picked from commit fbd40ce)

Co-authored-by: Sebastian Pipping <[email protected]>
@bedevere-app
Copy link

bedevere-app bot commented Feb 21, 2024

GH-115760 is a backport of this pull request to the 3.12 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.12 bug and security fixes label Feb 21, 2024
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Feb 21, 2024
…ythonGH-115400)

Doc/library/xml.rst: Document CVE-2023-52425 under "XML vulnerabilities"
(cherry picked from commit fbd40ce)

Co-authored-by: Sebastian Pipping <[email protected]>
@bedevere-app
Copy link

bedevere-app bot commented Feb 21, 2024

GH-115761 is a backport of this pull request to the 3.11 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.11 only security fixes label Feb 21, 2024
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Feb 21, 2024
…ythonGH-115400)

Doc/library/xml.rst: Document CVE-2023-52425 under "XML vulnerabilities"
(cherry picked from commit fbd40ce)

Co-authored-by: Sebastian Pipping <[email protected]>
@bedevere-app
Copy link

bedevere-app bot commented Feb 21, 2024

GH-115762 is a backport of this pull request to the 3.10 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.10 only security fixes label Feb 21, 2024
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Feb 21, 2024
…ythonGH-115400)

Doc/library/xml.rst: Document CVE-2023-52425 under "XML vulnerabilities"
(cherry picked from commit fbd40ce)

Co-authored-by: Sebastian Pipping <[email protected]>
@bedevere-app
Copy link

bedevere-app bot commented Feb 21, 2024

GH-115763 is a backport of this pull request to the 3.9 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.9 only security fixes label Feb 21, 2024
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Feb 21, 2024
…ythonGH-115400)

Doc/library/xml.rst: Document CVE-2023-52425 under "XML vulnerabilities"
(cherry picked from commit fbd40ce)

Co-authored-by: Sebastian Pipping <[email protected]>
@bedevere-app
Copy link

bedevere-app bot commented Feb 21, 2024

GH-115764 is a backport of this pull request to the 3.8 branch.

ambv pushed a commit that referenced this pull request Feb 21, 2024
…GH-115400) (GH-115760)

Doc/library/xml.rst: Document CVE-2023-52425 under "XML vulnerabilities"
(cherry picked from commit fbd40ce)

Co-authored-by: Sebastian Pipping <[email protected]>
ambv pushed a commit that referenced this pull request Feb 21, 2024
…GH-115400) (GH-115761)

Doc/library/xml.rst: Document CVE-2023-52425 under "XML vulnerabilities"
(cherry picked from commit fbd40ce)

Co-authored-by: Sebastian Pipping <[email protected]>
ambv pushed a commit that referenced this pull request Feb 21, 2024
…GH-115400) (GH-115762)

Doc/library/xml.rst: Document CVE-2023-52425 under "XML vulnerabilities"
(cherry picked from commit fbd40ce)

Co-authored-by: Sebastian Pipping <[email protected]>
ambv pushed a commit that referenced this pull request Feb 21, 2024
…H-115400) (GH-115764)

Doc/library/xml.rst: Document CVE-2023-52425 under "XML vulnerabilities"
(cherry picked from commit fbd40ce)

Co-authored-by: Sebastian Pipping <[email protected]>
ambv pushed a commit that referenced this pull request Feb 21, 2024
…H-115400) (GH-115763)

Doc/library/xml.rst: Document CVE-2023-52425 under "XML vulnerabilities"
(cherry picked from commit fbd40ce)

Co-authored-by: Sebastian Pipping <[email protected]>
woodruffw pushed a commit to woodruffw-forks/cpython that referenced this pull request Mar 4, 2024
diegorusso pushed a commit to diegorusso/cpython that referenced this pull request Apr 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
docs Documentation in the Doc dir
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants