[security] Please upgrade bundled Expat to 2.7.4 (e.g. for the fixes to CVE-2026-24515 and CVE-2026-25210)

# Bug report

### Bug description:

Hello! 👋

Please upgrade bundled Expat to 2.7.4 (e.g. for the fixes to CVE-2026-24515 and CVE-2026-25210).

* Blog post: https://blog.hartwork.org/posts/expat-2-7-4-released/
* GitHub release: https://github.com/libexpat/libexpat/releases/tag/R_2_7_4
* Change log: https://github.com/libexpat/libexpat/blob/R_2_7_4/expat/Changes

The CPython issue for previous 2.7.3 was #139312 and the related merged main pull request was #139319, in case you want to have a look. (The `Dockerfile` from comment https://github.com/python/cpython/pull/123689#pullrequestreview-2280929950 could be of help with raising confidence in a bump pull request when going forward.)

Thanks in advance!

### CPython versions tested on:

3.9, 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, CPython main branch

### Operating systems tested on:

Linux, macOS, Windows, Other


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[security] Please upgrade bundled Expat to 2.7.4 (e.g. for the fixes to CVE-2026-24515 and CVE-2026-25210) #144363

Bug report

Bug description:

CPython versions tested on:

Operating systems tested on:

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

[security] Please upgrade bundled Expat to 2.7.4 (e.g. for the fixes to CVE-2026-24515 and CVE-2026-25210) #144363

Description

Bug report

Bug description:

CPython versions tested on:

Operating systems tested on:

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions