Defusedxml

----------------

*Release date: 17-Apr-2019*

- Increase test coverage.
- Add badges to README.

-------------------

*Release date: 14-Apr-2019*

- Test on Python 3.7 stable and 3.8-dev
- Drop support for Python 3.4
- No longer pass *html* argument to XMLParse. It has been deprecated and
ignored for a long time. The DefusedXMLParser still takes a html argument.
A deprecation warning is issued when the argument is False and a TypeError
when it's True.
- defusedxml now fails early when pyexpat stdlib module is not available or
broken.
- defusedxml.ElementTree.__all__ now lists ParseError as public attribute.
- The defusedxml.ElementTree and defusedxml.cElementTree modules had a typo
and used XMLParse instead of XMLParser as an alias for DefusedXMLParser.
Both the old and fixed name are now available.

----------------

*Release date: 07-Feb-2017*

- No changes

--------------------

*Release date: 28-Jan-2017*

- Add compatibility with Python 3.6
- Drop support for Python 2.6, 3.1, 3.2, 3.3
- Fix lxml tests (XMLSyntaxError: Detected an entity reference loop)

----------------

*Release date: 28-Mar-2013*

- Add more demo exploits, e.g. python_external.py and Xalan XSLT demos.
- Improved documentation.

--------------

*Release date: 25-Feb-2013*

- As per http://seclists.org/oss-sec/2013/q1/340 please REJECT
CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280 and use CVE-2013-1664,
CVE-2013-1665 for OpenStack/etc.
- Add missing parser_list argument to sax.make_parser(). The argument is
ignored, though. (thanks to Florian Apolloner)
- Add demo exploit for external entity attack on Python's SAX parser, XML-RPC
and WebDAV.