Skip to content

Commit 920a1c3

Browse files
committed
Reword 3.9.23 notable changes to reflect status of backports
1 parent dd8f187 commit 920a1c3

File tree

1 file changed

+4
-3
lines changed

1 file changed

+4
-3
lines changed

Doc/whatsnew/3.9.rst

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1670,9 +1670,10 @@ Notable changes in 3.9.23
16701670
os.path
16711671
-------
16721672

1673-
* The *strict* parameter to :func:`os.path.realpath` accepts a new value,
1674-
:data:`os.path.ALLOW_MISSING`.
1675-
If used, errors other than :exc:`FileNotFoundError` will be re-raised;
1673+
* The *strict* parameter was backported to :func:`os.path.realpath` to
1674+
allow for ``tarfile`` to use it for security vulnerability mitigation.
1675+
In particular, when *strict* is set to :data:`os.path.ALLOW_MISSING`,
1676+
errors other than :exc:`FileNotFoundError` will be re-raised;
16761677
the resulting path can be missing but it will be free of symlinks.
16771678
(Contributed by Petr Viktorin for CVE 2025-4517.)
16781679

0 commit comments

Comments
 (0)