Replace warnings with notes

Replace also "XML Vulnerabilities" with "XML Security".

Author: vstinner

Doc/library/pyexpat.rst

@@ -16,11 +16,10 @@
    references to these attributes should be marked using the :member: role.
 
 
-.. warning::
+.. note::
 
-   The :mod:`pyexpat` module is not secure against maliciously
-   constructed data.  If you need to parse untrusted or unauthenticated data see
-   :ref:`xml-vulnerabilities`.
+   If you need to parse untrusted or unauthenticated data, see
+   :ref:`xml-security`.
 
 
 .. index:: single: Expat

Doc/library/security_warnings.rst

@@ -28,7 +28,7 @@ The following modules have specific security considerations:
   <subprocess-security>`
 * :mod:`tempfile`: :ref:`mktemp is deprecated due to vulnerability to race
   conditions <tempfile-mktemp-deprecated>`
-* :mod:`xml`: :ref:`XML vulnerabilities <xml-vulnerabilities>`
+* :mod:`xml`: :ref:`XML security <xml-security>`
 * :mod:`zipfile`: :ref:`maliciously prepared .zip files can cause disk volume
   exhaustion <zipfile-resources-limitations>`
 

Doc/library/xml.dom.minidom.rst

@@ -19,11 +19,10 @@ not already proficient with the DOM should consider using the
 :mod:`xml.etree.ElementTree` module for their XML processing instead.
 
 
-.. warning::
+.. note::
 
-   The :mod:`xml.dom.minidom` module is not secure against
-   maliciously constructed data.  If you need to parse untrusted or
-   unauthenticated data see :ref:`xml-vulnerabilities`.
+   If you need to parse untrusted or unauthenticated data, see
+   :ref:`xml-security`.
 
 
 DOM applications typically start by parsing some XML into a DOM.  With

Doc/library/xml.dom.pulldom.rst

@@ -19,11 +19,10 @@ responsible for explicitly pulling events from the stream, looping over those
 events until either processing is finished or an error condition occurs.
 
 
-.. warning::
+.. note::
 
-   The :mod:`xml.dom.pulldom` module is not secure against
-   maliciously constructed data.  If you need to parse untrusted or
-   unauthenticated data see :ref:`xml-vulnerabilities`.
+   If you need to parse untrusted or unauthenticated data, see
+   :ref:`xml-security`.
 
 .. versionchanged:: 3.7.1
 

Doc/library/xml.etree.elementtree.rst

@@ -20,11 +20,10 @@ for parsing and creating XML data.
    The :mod:`!xml.etree.cElementTree` module is deprecated.
 
 
-.. warning::
+.. note::
 
-   The :mod:`xml.etree.ElementTree` module is not secure against
-   maliciously constructed data.  If you need to parse untrusted or
-   unauthenticated data see :ref:`xml-vulnerabilities`.
+   If you need to parse untrusted or unauthenticated data, see
+   :ref:`xml-security`.
 
 Tutorial
 --------

Doc/library/xml.rst

@@ -40,12 +40,11 @@ The XML handling submodules are:
 * :mod:`xml.parsers.expat`: the Expat parser binding
 
 
-.. _xml-vulnerabilities:
+.. _xml-security:
 
-XML vulnerabilities
--------------------
+XML security
+------------
 
-The XML processing modules are not secure against maliciously constructed data.
 An attacker can abuse XML features to carry out denial of service attacks,
 access local files, generate network connections to other machines, or
 circumvent firewalls.

Doc/library/xml.sax.rst

@@ -18,11 +18,10 @@ SAX exceptions and the convenience functions which will be most used by users of
 the SAX API.
 
 
-.. warning::
+.. note::
 
-   The :mod:`xml.sax` module is not secure against maliciously
-   constructed data.  If you need to parse untrusted or unauthenticated data see
-   :ref:`xml-vulnerabilities`.
+   If you need to parse untrusted or unauthenticated data, see
+   :ref:`xml-security`.
 
 .. versionchanged:: 3.7.1
 

Doc/library/xmlrpc.client.rst

@@ -24,8 +24,8 @@ between conformable Python objects and XML on the wire.
 .. warning::
 
    The :mod:`xmlrpc.client` module is not secure against maliciously
-   constructed data.  If you need to parse untrusted or unauthenticated data see
-   :ref:`xml-vulnerabilities`.
+   constructed data.  If you need to parse untrusted or unauthenticated data,
+   see :ref:`xml-security`.
 
 .. versionchanged:: 3.5
 

Doc/library/xmlrpc.server.rst

@@ -20,8 +20,8 @@ servers written in Python.  Servers can either be free standing, using
 .. warning::
 
    The :mod:`xmlrpc.server` module is not secure against maliciously
-   constructed data.  If you need to parse untrusted or unauthenticated data see
-   :ref:`xml-vulnerabilities`.
+   constructed data.  If you need to parse untrusted or unauthenticated data,
+   see :ref:`xml-security`.
 
 .. include:: ../includes/wasm-notavail.rst