File tree Expand file tree Collapse file tree 1 file changed +4
-3
lines changed Expand file tree Collapse file tree 1 file changed +4
-3
lines changed Original file line number Diff line number Diff line change @@ -1670,9 +1670,10 @@ Notable changes in 3.9.23
16701670os.path
16711671-------
16721672
1673- * The *strict * parameter to :func: `os.path.realpath ` accepts a new value,
1674- :data: `os.path.ALLOW_MISSING `.
1675- If used, errors other than :exc: `FileNotFoundError ` will be re-raised;
1673+ * The *strict * parameter was backported to :func: `os.path.realpath ` to
1674+ allow for ``tarfile `` to use it for security vulnerability mitigation.
1675+ In particular, when *strict * is set to :data: `os.path.ALLOW_MISSING `,
1676+ errors other than :exc: `FileNotFoundError ` will be re-raised;
16761677 the resulting path can be missing but it will be free of symlinks.
16771678 (Contributed by Petr Viktorin for CVE 2025-4517.)
16781679
You can’t perform that action at this time.
0 commit comments