Workflow

Lxml

Latest version: v5.3.1

Safety actively analyzes 714815 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 12 of 28

3.3.6

Not secure
==================

Bugs fixed
----------

* Prevent tree cycle creation when adding Elements as siblings.

* LP1361948: crash when deallocating Element siblings without parent.

* LP1354652: crash when traversing internally loaded documents in XSLT
extension functions.

3.3.5

Not secure
==================

Bugs fixed
----------

* HTML cleaning could fail to strip javascript links that mix control
characters into the link scheme.

3.3.4

Not secure
==================

Features added
--------------

* Source line numbers above 65535 are available on Elements when
using libxml2 2.9 or later.

Bugs fixed
----------

* ``lxml.html.fragment_fromstring()`` failed for bytes input in Py3.

Other changes
-------------

3.3.3

Not secure
==================

Bugs fixed
----------

* LP1287118: Crash when using Element subtypes with ``__slots__``.

Other changes
-------------

* The internal classes ``_LogEntry`` and ``_Attrib`` can no longer be
subclassed from Python code.

3.3.2

Not secure
==================

Bugs fixed
----------

* The properties ``resolvers`` and ``version``, as well as the methods
``set_element_class_lookup()`` and ``makeelement()``, were lost from
``iterparse`` objects in 3.3.0.

* LP1222132: instances of ``XMLSchema``, ``Schematron`` and ``RelaxNG``
did not clear their local ``error_log`` before running a validation.

* LP1238500: lxml.doctestcompare mixed up "expected" and "actual" in
attribute values.

* Some file I/O tests were failing in MS-Windows due to non-portable temp
file usage. Initial patch by Gabi Davar.

* LP910014: duplicate IDs in a document were not reported by DTD validation.

* LP1185332: ``tostring(method="html")`` did not use HTML serialisation
semantics for trailing tail text. Initial patch by Sylvain Viollon.

* LP1281139: ``.attrib`` value of Comments lost its mutation methods
in 3.3.0. Even though it is empty and immutable, it should still
provide the same interface as that returned for Elements.

3.3.1

Not secure
==================

Features added
--------------

Bugs fixed
----------

* LP1014290: HTML documents parsed with ``parser.feed()`` failed to find
elements during tag iteration.

* LP1273709: Building in PyPy failed due to missing support for
``PyUnicode_Compare()`` and ``PyByteArray_*()`` in PyPy's C-API.

* LP1274413: Compilation in MSVC failed due to missing "stdint.h" standard
header file.

* LP1274118: iterparse() failed to parse BOM prefixed files.

Other changes
-------------

Page 12 of 28

Links

Releases

Has known vulnerabilities

Previous Next

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.