diff options
Diffstat (limited to 'Misc/NEWS.d/next/Security/2021-03-13-03-48-14.bpo-43285.g-Hah3.rst')
| -rw-r--r-- | Misc/NEWS.d/next/Security/2021-03-13-03-48-14.bpo-43285.g-Hah3.rst | 8 |
1 files changed, 0 insertions, 8 deletions
diff --git a/Misc/NEWS.d/next/Security/2021-03-13-03-48-14.bpo-43285.g-Hah3.rst b/Misc/NEWS.d/next/Security/2021-03-13-03-48-14.bpo-43285.g-Hah3.rst deleted file mode 100644 index 8312b7e885..0000000000 --- a/Misc/NEWS.d/next/Security/2021-03-13-03-48-14.bpo-43285.g-Hah3.rst +++ /dev/null @@ -1,8 +0,0 @@ -:mod:`ftplib` no longer trusts the IP address value returned from the server -in response to the PASV command by default. This prevents a malicious FTP -server from using the response to probe IPv4 address and port combinations -on the client network. - -Code that requires the former vulnerable behavior may set a -``trust_server_pasv_ipv4_address`` attribute on their -:class:`ftplib.FTP` instances to ``True`` to re-enable it. |