The latest version of Tastypie includes a number of important security fixes and all users are strongly encouraged to upgrade.

Please note that the fixes might cause backwards incompatibility issues, so please check the upgrade notes carefully.

Security hardening improvements

Upgrade notes:

  • If you use XML serialization (enabled by default):
    • defusedxml is now required

    • defusedxml requires lxml 3 or later

    pip install defusedxml "lxml>=3"

  • Python 2.5 is no longer officially supported because defusedxml requires Python 2.6 or later. If you cannot upgrade to a newer version of Python please consider disabling XML support entirely.