libxml2 在 2.11.9、2.12.9 和 2.13.3 之前的版本中存在一个安全漏洞,SAX 解析器在自定义 SAX 处理程序尝试通过设置 "checked" 来覆盖实体内容时,仍然会为外部实体生成事件。这使得经典的 XXE(XML 外部实体注入)攻击成为可能。 该漏洞已在后续版本中修复,建议用户尽快升级到最新版本以避免潜在的安全风险。 参考链接: - [GitHub 安全公告](https://github.com/advisories/GHSA-6c2p-rqx3-w4px) - [NVD 漏洞详情](https://nvd.nist.gov/vuln/detail/CVE-2024-40896) - [libxml2 修复提交](https://gitlab.gnome.org/GNOME/libxml2/-/commit/1a8932303969907f6572b1b6aac4081c56adb5c6) - [libxml2 问题报告](https://gitlab.gnome.org/GNOME/libxml2/-/issues/761) #安全漏洞#XXE#libxml2#SAX解析器 #AIGC
🚀 Exciting Project Announcement! 🚀 I'm thrilled to share that I’ve developed GitInvite – an open-source platform that makes collaborating on GitHub easier than ever! 🎉 💡 What is GitInvite? GitInvite allows users to generate secure GitHub repository invite links that can be shared with collaborators. No more manual collaborator additions! With just one link, you can grant access to your repos in a secure and efficient way. 🌟 Key Features: - Generate secure invite links to share repository access. - Cancel invite links anytime to prevent further use. - Revoke access from users who gained access via the link. - Easy collaboration for developers, teams, and open-source projects. 🎯 Beta Stage: GitInvite is currently in its beta stage, and I'm actively seeking feedback and suggestions for improvements. I would love to hear from the developer community to help shape the future of this tool! 💻 Want to try it out? You can access GitInvite here: https://gitinvite.vercel.app/ 🛠 Developers: The code is open-source, and I welcome contributions! Check out the GitHub repo here: https://github.com/rahulps1000/GitInvite Feel free to share your feedback, open issues, or contribute to the project! Let’s make GitHub collaboration even smoother together. 🙌 #GitHub#OpenSource#NextJS#GitInvite#Collaboration#Beta#WebDevelopment
找到 2 条相似帖子
搜索 #libxml2
@djangoproject · Post #551 · 2018/01/23 16:28
http://lxml.de/ #lxml is the most feature-rich and easy-to-use library for processing #XML and #HTML in the Python language. The lxml XML toolkit is a Pythonic binding for the #C libraries #libxml2 and #libxslt. It is unique in that it combines the speed and XML feature completeness of these libraries with the simplicity of a native Python #API, mostly compatible but superior to the well-known ElementTree API. The latest release works with all #CPython versions from 2.6 to 3.6. See the introduction for more information about background and goals of the lxml project. Some common questions are answered in the FAQ.