Please upgrade bundled Expat to 2.7.1 #131809

Closed
hartwork opened this issue Mar 27, 2025 · 2 comments
Labels: 3.9 (only security fixes), 3.10 (only security fixes), 3.11 (only security fixes), 3.12 (only security fixes), 3.13 (bugs and security fixes), 3.14 (bugs and security fixes), release-blocker, topic-XML, type-security (A security issue)

Comments

@hartwork
Contributor

hartwork commented Mar 27, 2025

Bug report

Bug description:

Hi! 👋

Please upgrade bundled Expat to 2.7.1 (e.g. for the fix to what can be argued to be a regression that came with the fix for CVE-2024-8176 in Expat 2.7.0).

The CPython issue for the previous 2.7.0 was #131261 and the related merged main pull request was #131272, in case you want to have a look. The Dockerfile from comment #123689 (review) could be of help with raising confidence in a bump pull request when going forward.

Thanks in advance!

CC @sethmlarson @gpshead

CPython versions tested on:

3.9, 3.10, CPython main branch, 3.14, 3.13, 3.12, 3.11

Operating systems tested on:

Other, Windows, macOS, Linux

hartwork added the type-bug (An unexpected behavior, bug, or error) label Mar 27, 2025
ZeroIntensity added the type-security (A security issue), topic-XML, 3.11 (only security fixes), 3.10 (only security fixes), 3.9 (only security fixes), 3.12 (only security fixes), 3.13 (bugs and security fixes) and 3.14 (bugs and security fixes) labels and removed the type-bug (An unexpected behavior, bug, or error) label Mar 27, 2025
picnixz added the extension-modules (C modules in the Modules dir) label Mar 28, 2025
gpshead added the release-blocker label and removed the extension-modules (C modules in the Modules dir) label Mar 28, 2025
gpshead added a commit to gpshead/cpython that referenced this issue Apr 7, 2025
@gpshead gpshead moved this from Todo to In Progress in Release and Deferred blockers 🚫 Apr 7, 2025
sethmlarson added a commit to sethmlarson/cpython that referenced this issue Apr 7, 2025
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Apr 7, 2025
(cherry picked from commit c0de650)

Co-authored-by: Gregory P. Smith <[email protected]>
sethmlarson pushed a commit to sethmlarson/cpython that referenced this issue Apr 7, 2025
)

(cherry picked from commit c0de650)

Co-authored-by: Gregory P. Smith <[email protected]>
sethmlarson pushed a commit to sethmlarson/cpython that referenced this issue Apr 7, 2025
(cherry picked from commit c0de650)

Co-authored-by: Gregory P. Smith <[email protected]>
gpshead added a commit that referenced this issue Apr 7, 2025
* gh-131809: Upgrade vendored expat to 2.7.1 (GH-132192)
(cherry picked from commit c0de650)

Co-authored-by: Gregory P. Smith <[email protected]>

* make regen-sbom

---------

Co-authored-by: Gregory P. Smith <[email protected]>
Yhg1s pushed a commit that referenced this issue Apr 8, 2025
(cherry picked from commit c0de650)

Co-authored-by: Gregory P. Smith <[email protected]>
@ambv ambv closed this as completed Apr 8, 2025
@github-project-automation github-project-automation bot moved this from In Progress to Done in Release and Deferred blockers 🚫 Apr 8, 2025
@hartwork
Contributor Author

hartwork commented Apr 8, 2025

@gpshead @sethmlarson thank you! 🙏

seehwan pushed a commit to seehwan/cpython that referenced this issue Apr 16, 2025