This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author christian.heimes
Recipients christian.heimes
Date 2018-09-10.22:47:44
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
The pyexpat module calls XML_SetHashSalt(self->itself,                   (unsigned long)_Py_HashSecret.expat.hashsalt) to initialize the salt for hash randomization of the XML_Parser struct. The _elementree C accelerator doesn't call XML_SetHashSalt().

It's not a security issue with recent versions of libexpat. The library initializes the salt from a good entry source by default.
Date User Action Args
2018-09-10 22:47:44christian.heimessetrecipients: + christian.heimes
2018-09-10 22:47:44christian.heimessetmessageid: <>
2018-09-10 22:47:44christian.heimeslinkissue34623 messages
2018-09-10 22:47:44christian.heimescreate