File tree Expand file tree Collapse file tree 1 file changed +4
-3
lines changed Expand file tree Collapse file tree 1 file changed +4
-3
lines changed Original file line number Diff line number Diff line change @@ -1670,9 +1670,10 @@ Notable changes in 3.9.23
1670
1670
os.path
1671
1671
-------
1672
1672
1673
- * The *strict * parameter to :func: `os.path.realpath ` accepts a new value,
1674
- :data: `os.path.ALLOW_MISSING `.
1675
- If used, errors other than :exc: `FileNotFoundError ` will be re-raised;
1673
+ * The *strict * parameter was backported to :func: `os.path.realpath ` to
1674
+ allow for ``tarfile `` to use it for security vulnerability mitigation.
1675
+ In particular, when *strict * is set to :data: `os.path.ALLOW_MISSING `,
1676
+ errors other than :exc: `FileNotFoundError ` will be re-raised;
1676
1677
the resulting path can be missing but it will be free of symlinks.
1677
1678
(Contributed by Petr Viktorin for CVE 2025-4517.)
1678
1679
You can’t perform that action at this time.
0 commit comments