author Ned Deily <nad@python.org> 2019-12-11 03:27:49 -0500
committer Ned Deily <nad@python.org> 2019-12-11 03:28:36 -0500
commit 7ea0551592d80584b318099d5ebde4e7c552679f (patch)
tree fef3f8fa117cdeecf5384fb67a80f8987a13b587 /Misc/NEWS.d/3.6.10rc1.rst
parent b23c0840ce07e03f2705fb08d94f8f03e5c5d5b8 (diff)
3.6.10rc1 v3.6.10rc1
Diffstat (limited to 'Misc/NEWS.d/3.6.10rc1.rst')
-rw-r--r-- Misc/NEWS.d/3.6.10rc1.rst 97
1 files changed, 97 insertions, 0 deletions
diff --git a/Misc/NEWS.d/3.6.10rc1.rst b/Misc/NEWS.d/3.6.10rc1.rst
new file mode 100644
index 0000000000..1a902e429d
--- /dev/null
+++ b/Misc/NEWS.d/3.6.10rc1.rst
@@ -0,0 +1,97 @@
+.. bpo: 38945
+.. date: 2019-12-01-22-44-40
+.. nonce: ztmNXc
+.. release date: 2019-12-11
+.. section: Security
+
+Newline characters have been escaped when performing uu encoding to prevent
+them from overflowing into to content section of the encoded file. This
+prevents malicious or accidental modification of data during the decoding
+process.
+
+..
+
+.. bpo: 37228
+.. date: 2019-11-21-21-36-54
+.. nonce: yBZnFG
+.. section: Security
+
+Due to significant security concerns, the *reuse_address* parameter of
+:meth:`asyncio.loop.create_datagram_endpoint` is no longer supported. This
+is because of the behavior of ``SO_REUSEADDR`` in UDP. For more details, see
+the documentation for ``loop.create_datagram_endpoint()``. (Contributed by
+Kyle Stanley, Antoine Pitrou, and Yury Selivanov in :issue:`37228`.)
+
+..
+
+.. bpo: 38804
+.. date: 2019-11-15-00-54-42
+.. nonce: vjbM8V
+.. section: Security
+
+Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch by Ben Caller.
+
+..
+
+.. bpo: 38243
+.. date: 2019-09-25-13-21-09
+.. nonce: 1pfz24
+.. section: Security
+
+Escape the server title of :class:`xmlrpc.server.DocXMLRPCServer` when
+rendering the document page as HTML. (Contributed by Dong-hee Na in
+:issue:`38243`.)
+
+..
+
+.. bpo: 38174
+.. date: 2019-09-23-21-02-46
+.. nonce: MeWuJd
+.. section: Security
+
+Update vendorized expat library version to 2.2.8, which resolves
+CVE-2019-15903.
+
+..
+
+.. bpo: 37461
+.. date: 2019-07-16-08-11-00
+.. nonce: 1Ahz7O
+.. section: Security
+
+Fix an infinite loop when parsing specially crafted email headers. Patch by
+Abhilash Raj.
+
+..
+
+.. bpo: 34155
+.. date: 2019-05-04-13-33-37
+.. nonce: MJll68
+.. section: Security
+
+Fix parsing of invalid email addresses with more than one ``@`` (e.g.
+a@b@c.com.) to not return the part before 2nd ``@`` as valid email address.
+Patch by maxking & jpic.
+
+..
+
+.. bpo: 38216
+.. date: 2019-09-27-15-24-45
+.. nonce: -7yvZR
+.. section: Library
+
+Allow the rare code that wants to send invalid http requests from the
+`http.client` library a way to do so. The fixes for bpo-30458 led to
+breakage for some projects that were relying on this ability to test their
+own behavior in the face of bad requests.
+
+..
+
+.. bpo: 36564
+.. date: 2019-04-08-13-00-13
+.. nonce: _n67m_
+.. section: Library
+
+Fix infinite loop in email header folding logic that would be triggered when
+an email policy's max_line_length is not long enough to include the required
+markup and any values in the message. Patch by Paul Ganssle
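Review bot: The bpo-38216 entry says http.client gains "a way" to send invalid requests but never names the method or hook, so a reader cannot tell what to call or, given that this restores behaviour the bpo-30458 fixes closed off, what to look for when auditing callers; name the mechanism in that entry. In the same entry `http.client` is in single backticks, which reST treats as the default role rather than a literal; use :mod:`http.client`, as the bpo-38804 entry does for http.cookiejar. Smaller points: the bpo-38945 entry reads "overflowing into to content section" (should be "into the content section"), and the final bpo-36564 entry ends "Patch by Paul Ganssle" without the closing period the other entries have.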