Commit
Showing 17 changed files with 152 additions and 40 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,149 @@ | ||
.. date: 2024-02-18-03-14-40 | ||
.. gh-issue: 115398 | ||
.. nonce: tzvxH8 | ||
.. release date: 2024-03-19 | ||
.. section: Security | ||
Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding | ||
five new methods: | ||
|
||
* :meth:`xml.etree.ElementTree.XMLParser.flush` | ||
* :meth:`xml.etree.ElementTree.XMLPullParser.flush` | ||
* :meth:`xml.parsers.expat.xmlparser.GetReparseDeferralEnabled` | ||
* :meth:`xml.parsers.expat.xmlparser.SetReparseDeferralEnabled` | ||
* :meth:`xml.sax.expatreader.ExpatParser.flush` | ||
|
||
.. | ||
.. date: 2024-02-13-15-14-39 | ||
.. gh-issue: 115399 | ||
.. nonce: xT-scP | ||
.. section: Security | ||
Update bundled libexpat to 2.6.0 | ||
|
||
.. | ||
.. date: 2024-01-02-19-52-23 | ||
.. gh-issue: 113659 | ||
.. nonce: DkmnQc | ||
.. section: Security | ||
Skip ``.pth`` files with names starting with a dot or hidden file attribute. | ||
|
||
.. | ||
.. date: 2023-10-27-19-38-33 | ||
.. gh-issue: 102388 | ||
.. nonce: vd5YUZ | ||
.. section: Core and Builtins | ||
Fix a bug where ``iso2022_jp_3`` and ``iso2022_jp_2004`` codecs read out of | ||
bounds | ||
|
||
.. | ||
.. date: 2024-02-09-19-41-48 | ||
.. gh-issue: 115197 | ||
.. nonce: 20wkWH | ||
.. section: Library | ||
``urllib.request`` no longer resolves the hostname before checking it | ||
against the system's proxy bypass list on macOS and Windows. | ||
|
||
.. | ||
.. date: 2024-02-08-14-21-28 | ||
.. gh-issue: 115133 | ||
.. nonce: ycl4ko | ||
.. section: Library | ||
Fix tests for :class:`~xml.etree.ElementTree.XMLPullParser` with Expat | ||
2.6.0. | ||
|
||
.. | ||
.. date: 2023-12-01-16-09-59 | ||
.. gh-issue: 81194 | ||
.. nonce: FFad1c | ||
.. section: Library | ||
Fix a crash in :func:`socket.if_indextoname` with specific value (UINT_MAX). | ||
Fix an integer overflow in :func:`socket.if_indextoname` on 64-bit | ||
non-Windows platforms. | ||
|
||
.. | ||
.. date: 2023-09-28-13-15-51 | ||
.. gh-issue: 109858 | ||
.. nonce: 43e2dg | ||
.. section: Library | ||
Protect :mod:`zipfile` from "quoted-overlap" zipbomb. It now raises | ||
BadZipFile when try to read an entry that overlaps with other entry or | ||
central directory. | ||
|
||
.. | ||
.. date: 2023-08-03-12-52-19 | ||
.. gh-issue: 107077 | ||
.. nonce: -pzHD6 | ||
.. section: Library | ||
Seems that in some conditions, OpenSSL will return ``SSL_ERROR_SYSCALL`` | ||
instead of ``SSL_ERROR_SSL`` when a certification verification has failed, | ||
but the error parameters will still contain ``ERR_LIB_SSL`` and | ||
``SSL_R_CERTIFICATE_VERIFY_FAILED``. We are now detecting this situation and | ||
raising the appropiate ``ssl.SSLCertVerificationError``. Patch by Pablo | ||
Galindo | ||
|
||
.. | ||
.. date: 2022-12-01-16-57-44 | ||
.. gh-issue: 91133 | ||
.. nonce: LKMVCV | ||
.. section: Library | ||
Fix a bug in :class:`tempfile.TemporaryDirectory` cleanup, which now no | ||
longer dereferences symlinks when working around file system permission | ||
errors. | ||
|
||
.. | ||
.. date: 2024-02-14-20-17-04 | ||
.. gh-issue: 115399 | ||
.. nonce: fb9a0R | ||
.. section: Documentation | ||
Document CVE-2023-52425 of Expat <2.6.0 under "XML vulnerabilities". | ||
|
||
.. | ||
.. date: 2023-10-11-16-02-55 | ||
.. gh-issue: 108310 | ||
.. nonce: URRe8Y | ||
.. section: Tests | ||
SSL tests for pre-handshake close were previously not enabled on Python 3.8 | ||
due to an incorrect backport. This is now fixed. Patch by Lumír Balhar. | ||
|
||
.. | ||
.. date: 2024-02-01-14-35-05 | ||
.. gh-issue: 111239 | ||
.. nonce: SO7SUF | ||
.. section: Windows | ||
Update Windows builds to use zlib v1.3.1. | ||
|
||
.. | ||
.. date: 2023-09-29-10-35-29 | ||
.. gh-issue: 109991 | ||
.. nonce: GmuzGZ | ||
.. section: Windows | ||
Windows builds now use OpenSSL 1.1.1w. Note that OpenSSL 1.1 has reached its | ||
end of life and no future fixes will be made, and this version of Python is | ||
no longer receiving maintenance fixes and will not be updated to OpenSSL | ||
3.0. |
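Review bot: The gh-109858 entry (zipfile "quoted-overlap" zipbomb) and the gh-91133 entry (tempfile.TemporaryDirectory cleanup dereferencing symlinks) describe security hardening but carry ".. section: Library", as do the gh-81194 integer overflow and the gh-107077 certificate verification error handling. A reader who scans only the Security section of these notes will miss them, so consider filing them under ".. section: Security" or cross-referencing them from that section. Wording points in the same hunk: "appropiate" should be "appropriate" in the gh-107077 entry; "when try to read an entry that overlaps with other entry" in the gh-109858 entry should read "when trying to read an entry that overlaps with another entry", and "BadZipFile" there is not marked up as an exception reference; the entries ending "read out of bounds", "Update bundled libexpat to 2.6.0" and "Patch by Pablo Galindo" lack a final period.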
1 change: 0 additions & 1 deletion
Misc/NEWS.d/next/Core and Builtins/2023-10-27-19-38-33.gh-issue-102388.vd5YUZ.rst
This file was deleted.
1 change: 0 additions & 1 deletion
Misc/NEWS.d/next/Documentation/2024-02-14-20-17-04.gh-issue-115399.fb9a0R.rst
This file was deleted.
2 changes: 0 additions & 2 deletions
Misc/NEWS.d/next/Library/2022-12-01-16-57-44.gh-issue-91133.LKMVCV.rst
This file was deleted.
6 changes: 0 additions & 6 deletions
Misc/NEWS.d/next/Library/2023-08-03-12-52-19.gh-issue-107077.-pzHD6.rst
This file was deleted.
3 changes: 0 additions & 3 deletions
Misc/NEWS.d/next/Library/2023-09-28-13-15-51.gh-issue-109858.43e2dg.rst
This file was deleted.
3 changes: 0 additions & 3 deletions
Misc/NEWS.d/next/Library/2023-12-01-16-09-59.gh-issue-81194.FFad1c.rst
This file was deleted.
2 changes: 0 additions & 2 deletions
Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst
This file was deleted.
2 changes: 0 additions & 2 deletions
Misc/NEWS.d/next/Library/2024-02-09-19-41-48.gh-issue-115197.20wkWH.rst
This file was deleted.
1 change: 0 additions & 1 deletion
Misc/NEWS.d/next/Security/2024-01-02-19-52-23.gh-issue-113659.DkmnQc.rst
This file was deleted.
1 change: 0 additions & 1 deletion
Misc/NEWS.d/next/Security/2024-02-13-15-14-39.gh-issue-115399.xT-scP.rst
This file was deleted.
8 changes: 0 additions & 8 deletions
Misc/NEWS.d/next/Security/2024-02-18-03-14-40.gh-issue-115398.tzvxH8.rst
This file was deleted.
2 changes: 0 additions & 2 deletions
Misc/NEWS.d/next/Tests/2023-10-11-16-02-55.gh-issue-108310.URRe8Y.rst
This file was deleted.
4 changes: 0 additions & 4 deletions
Misc/NEWS.d/next/Windows/2023-09-29-10-35-29.gh-issue-109991.GmuzGZ.rst
This file was deleted.
1 change: 0 additions & 1 deletion
Misc/NEWS.d/next/Windows/2024-02-01-14-35-05.gh-issue-111239.SO7SUF.rst
This file was deleted.