Added change note for python

Napalys · Napalys · commit 9ee3e1d72147 · 2025-07-15T09:57:02.000+02:00
diff --git a/python/ql/lib/change-notes/2025-07-15-xml-bomb-sinks-python.md b/python/ql/lib/change-notes/2025-07-15-xml-bomb-sinks-python.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Removed `lxml` as an XML bomb sink. The underlying libxml2 library now includes [entity reference loop detection](https://github.com/lxml/lxml/blob/f33ac2c2f5f9c4c4c1fc47f363be96db308f2fa6/doc/FAQ.txt#L1077) that prevents XML bomb attacks. 

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* Removed `lxml` as an XML bomb sink. The underlying libxml2 library now includes [entity reference loop detection](https://github.com/lxml/lxml/blob/f33ac2c2f5f9c4c4c1fc47f363be96db308f2fa6/doc/FAQ.txt#L1077) that prevents XML bomb attacks.