| single |
lxml is a Pythonic, mature binding for the libxml2 and libxslt libraries.
It provides safe and convenient access to these libraries using the
ElementTree API.
It extends the ElementTree API significantly to offer support for XPath,
RelaxNG, XML Schema, XSLT, C14N and much more.
To contact the project, go to the [project home page]
or see our bug tracker at https://launchpad.net/lxml
In case you want to use the current in-development version of lxml,
you can get it from the github repository at
https://github.com/lxml/lxml . Note that this requires Cython to
build the sources, see the build instructions on the project home page.
After an official release of a new stable series, bug fixes may become
available at
https://github.com/lxml/lxml/tree/lxml-6.1 .
Running ``pip install
https://github.com/lxml/lxml/archive/refs/heads/lxml-6.1.tar.gz``
will install the unreleased branch state as soon as a maintenance branch
has been established.
Note that this requires Cython to be installed at an appropriate version
for the build.
6.1.1 (2026-05-18)
==================
Bugs fixed
----------
* The known link attributes in ``lxml.html.defs.link_attrs were missing
xlink:href``,
which can be used for URL bypass attacks in embedded SVG/MathML/etc.
content.
https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f
* The Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and
CVE-2025-11731.
* The Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and
CVE-2025-11731.
|