Safety vulnerability ID: 47852
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Aqtinstall 2.1.0rc2 uses 'defusedxml' instead of 'xml.etree.ElementTree' to avoid XXE attacks.
https://github.com/miurahr/aqtinstall/commit/745e6a25e46411ff526387615a1db51a6ba968e0
Latest version: 3.1.18
Another unofficial Qt installer
====================
aqtinstall changeLog
====================
All notable changes to this project will be documented in this file.
`Unreleased`_
=============
Changed
-------
* Use SHA256 hash from trusted mirror for integrity check (493)
* Check Update.xml file with SHA256 hash (493)
* Update combinations.xml (495)
* QtDesignStudio, IFW version change
* Update fallback mirror list (485)
Fixed
-----
* Test: Conditionally install dependencies on Ubuntu (494)
Added
-----
* doc: warn about unrelated aqt package (490)
* doc: add explanation of --config flag in CLI docs (491)
* doc: note about MSYS2/Mingw64 environment
Security
--------
* Use secrets for secure random numbers(498)
* Use defusedxml to parse Updates.xml file to avoid attack(498)
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application