pypi zeep 4.3.3
on Python PyPI

10 hours ago

Highlights

  • Wire up the forbid_external setting (previously defined but unused since the move off defusedxml in 4.0). When enabled, zeep refuses to transitively fetch http/https resources via xsd:import, xsd:include, wsdl:import or lxml entity resolution, raising zeep.exceptions.ExternalReferenceForbidden. The user-supplied entry-point WSDL/schema URL is still loaded. The default remains False to preserve existing behaviour; enable it when loading WSDLs from untrusted sources to mitigate SSRF via attacker-controlled import targets.

Internal

  • Tooling only (no runtime changes): migrated dependency/build management to uv and replaced isort/flake8/black with ruff.
Check out latest releases or
releases around zeep 4.3.3

Don't miss a new zeep release

NewReleases is sending notifications on new releases.

Get notifications