feedparser icon indicating copy to clipboard operation
feedparser copied to clipboard
verified publisher icon kurtmckee

Consider removing libxml2 SAX driver

Open nwellnhof opened this issue 8 months ago • 1 comments

This project seems to set the preferred XML SAX driver to drv_libxml2. This will only have an effect on a few systems where the libxml2 Python bindings are installed and could lead to non-deterministic behavior depending on the external environment.

libxml2's Python bindings and the SAX driver are outdated and will be deprecated in the long term. The libxml2 maintainers also received a report about a security issue recently. I'd strongly suggest to remove the driver from your project and rely on Python's default implementation.

nwellnhof avatar Apr 10 '25 13:04 nwellnhof

Thanks for the heads-up, Nick!

kurtmckee avatar Apr 11 '25 14:04 kurtmckee