You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Wire up the forbid_external setting (previously defined but unused since the move off defusedxml in 4.0). When enabled, zeep refuses to transitively fetch http/https resources via xsd:import, xsd:include, wsdl:import or lxml entity resolution, raising zeep.exceptions.ExternalReferenceForbidden. The user-supplied entry-point WSDL/schema URL is still loaded. The default remains False to preserve existing behaviour; enable it when loading WSDLs from untrusted sources to mitigate SSRF via attacker-controlled import targets.
Internal
Tooling only (no runtime changes): migrated dependency/build management to uv and replaced isort/flake8/black with ruff.
