Metadata-Version: 2.4
Name: lxml
Version: 6.1.0
Summary: Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
Home-page: https://lxml.de/
Author: lxml dev team
Author-email: lxml@lxml.de
Maintainer: lxml dev team
Maintainer-email: lxml@lxml.de
License: BSD-3-Clause
Project-URL: Source, https://github.com/lxml/lxml
Project-URL: Bug Tracker, https://bugs.launchpad.net/lxml
Classifier: Development Status :: 5 - Production/Stable
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Information Technology
Classifier: Programming Language :: Cython
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Programming Language :: Python :: 3.14
Classifier: Programming Language :: C
Classifier: Operating System :: OS Independent
Classifier: Topic :: Text Processing :: Markup :: HTML
Classifier: Topic :: Text Processing :: Markup :: XML
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Requires-Python: >=3.8
License-File: LICENSE.txt
License-File: LICENSES.txt
Provides-Extra: source
Provides-Extra: cssselect
Requires-Dist: cssselect>=0.7; extra == "cssselect"
Provides-Extra: html5
Requires-Dist: html5lib; extra == "html5"
Provides-Extra: htmlsoup
Requires-Dist: BeautifulSoup4; extra == "htmlsoup"
Provides-Extra: html-clean
Requires-Dist: lxml_html_clean; extra == "html-clean"
Dynamic: author
Dynamic: author-email
Dynamic: classifier
Dynamic: description
Dynamic: home-page
Dynamic: license
Dynamic: license-file
Dynamic: maintainer
Dynamic: maintainer-email
Dynamic: project-url
Dynamic: provides-extra
Dynamic: requires-python
Dynamic: summary

lxml is a Pythonic, mature binding for the libxml2 and libxslt libraries.
It provides safe and convenient access to these libraries using the
ElementTree API.

It extends the ElementTree API significantly to offer support for XPath,
RelaxNG, XML Schema, XSLT, C14N and much more.

To contact the project, go to the `project home page <https://lxml.de/>`_
or see our bug tracker at https://launchpad.net/lxml

In case you want to use the current in-development version of lxml,
you can get it from the github repository at
https://github.com/lxml/lxml .  Note that this requires Cython to
build the sources, see the build instructions on the project home page.


After an official release of a new stable series, bug fixes may become available at
https://github.com/lxml/lxml/tree/lxml-6.1 .
Running ``pip install https://github.com/lxml/lxml/archive/refs/heads/lxml-6.1.tar.gz``
will install the unreleased branch state as soon as a maintenance branch has been established.
Note that this requires Cython to be installed at an appropriate version for the build.

6.1.0 (2026-04-17)
==================

This release fixes a possible external entity injection (XXE) vulnerability in
``iterparse()`` and the ``ETCompatXMLParser``.

Features added
--------------

* GH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes
  in ``lxml.html.defs``.  This allows ``lxml_html_clean`` to pass them through.
  Patch by oomsveta.

* The default chunk size for reading from file-likes in ``iterparse()`` is now configurable
  with a new ``chunk_size`` argument.

Bugs fixed
----------

* LP#2146291: The ``resolve_entities`` option was still set to ``True`` for
  ``iterparse`` and ``ETCompatXMLParser``, allowing for external entity injection (XXE)
  when using these parsers without setting this option explicitly.
  The default was now changed to ``'internal'`` only (as for the normal XML and HTML parsers
  since lxml 5.0).
  Issue found by Sihao Qiu as CVE-2026-41066.


