python
diff --git a/‎Misc/NEWS.d/next/Library/2026-04-24-19-54-00.gh-issue-148954.v1.rst‎
Lines changed: 1 addition & 0 deletions b/‎Misc/NEWS.d/next/Library/2026-04-24-19-54-00.gh-issue-148954.v1.rst‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎Misc/NEWS.d/next/Security/2026-04-24-19-54-00.gh-issue-148954.v1.rst‎
Lines changed: 0 additions & 2 deletions b/‎Misc/NEWS.d/next/Security/2026-04-24-19-54-00.gh-issue-148954.v1.rst‎
Lines changed: 0 additions & 2 deletions
@@ -0,0 +1 @@
+Fix XML injection vulnerability in :func:`xmlrpc.client.dumps` where the ``methodname`` was not being escaped before interpolation into the XML body.
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	+Fix XML injection vulnerability in :func:`xmlrpc.client.dumps` where the ``methodname`` was not being escaped before interpolation into the XML body.