Skip to content

Upgrade bundled Expat to 2.8.1 (e.g. for the fix to CVE-2026-45186) #149698

Open
Open
Upgrade bundled Expat to 2.8.1 (e.g. for the fix to CVE-2026-45186)#149698
Assignees
StanFromIreland
Labels
3.10only security fixes3.11only security fixes3.12only security fixes3.13bugs and security fixes3.14bugs and security fixes3.15pre-release feature fixes, bugs and security fixes3.16new features, bugs and security fixesextension-modulesC modules in the Modules dirtopic-XMLtype-securityA security issue
@hartwork

Description

@hartwork
hartwork
opened on May 11, 2026

Please see blog post https://blog.hartwork.org/posts/expat-2-8-1-released/ for an overview and the change log at https://github.com/libexpat/libexpat/blob/R_2_8_1/expat/Changes for details. Affects all alive branches of Python. Thank you!

Related: #149017 (predecessor for Expat 2.8.0)

CC @StanFromIreland

CVE-2026-45186

Linked PRs

Metadata

Metadata

Assignees

Labels

3.10only security fixes3.11only security fixes3.12only security fixes3.13bugs and security fixes3.14bugs and security fixes3.15pre-release feature fixes, bugs and security fixes3.16new features, bugs and security fixesextension-modulesC modules in the Modules dirtopic-XMLtype-securityA security issue

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions