Use defusedxml function instead of lxml.etree.parse
Bug #1731865 reported by
Spencer Yu
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
Due to https:/
we should use defusedxml function instead of lxml.etree.parse to prevent XML attacks.
Changed in nova: | |
assignee: | nobody → Spencer Yu (yushb) |
To post a comment you must log in.
Fix proposed to branch: master /review. openstack. org/519291
Review: https:/