In the past defusedexpat would protect against certain classes of XML attacks, but defusedexpat is no longer maintained.
A followup project defusedxml exists, but it is no longer needed. The types of vulnerabilities that defusedexpat/defusedxml prevented are already mitigated by fixes within expat itself and newer python versions. See discussion in issue #321 for details.
In the past defusedexpat would protect against certain classes of XML attacks, but defusedexpat is no longer maintained.
A followup project defusedxml exists, but it is no longer needed. The types of vulnerabilities that defusedexpat/defusedxml prevented are already mitigated by fixes within expat itself and newer python versions. See discussion in issue #321 for details.