summaryrefslogtreecommitdiffstats
path: root/Misc/NEWS.d/3.8.9.rst
diff options
context:
space:
mode:
Diffstat (limited to 'Misc/NEWS.d/3.8.9.rst')
-rw-r--r--Misc/NEWS.d/3.8.9.rst276
1 files changed, 276 insertions, 0 deletions
diff --git a/Misc/NEWS.d/3.8.9.rst b/Misc/NEWS.d/3.8.9.rst
new file mode 100644
index 0000000..10d498c
--- /dev/null
+++ b/Misc/NEWS.d/3.8.9.rst
@@ -0,0 +1,276 @@
+.. bpo: 42988
+.. date: 2021-03-24-14-16-56
+.. nonce: P2aNco
+.. release date: 2021-04-02
+.. section: Security
+
+CVE-2021-3426: Remove the ``getfile`` feature of the :mod:`pydoc` module
+which could be abused to read arbitrary files on the disk (directory
+traversal vulnerability). Moreover, even source code of Python modules can
+contain sensitive data like passwords. Vulnerability reported by David
+Schwörer.
+
+..
+
+.. bpo: 43285
+.. date: 2021-03-13-03-48-14
+.. nonce: g-Hah3
+.. section: Security
+
+:mod:`ftplib` no longer trusts the IP address value returned from the server
+in response to the PASV command by default. This prevents a malicious FTP
+server from using the response to probe IPv4 address and port combinations
+on the client network.
+
+Code that requires the former vulnerable behavior may set a
+``trust_server_pasv_ipv4_address`` attribute on their :class:`ftplib.FTP`
+instances to ``True`` to re-enable it.
+
+..
+
+.. bpo: 43439
+.. date: 2021-03-08-23-06-07
+.. nonce: 5U3lXm
+.. section: Security
+
+Add audit hooks for :func:`gc.get_objects`, :func:`gc.get_referrers` and
+:func:`gc.get_referents`. Patch by Pablo Galindo.
+
+..
+
+.. bpo: 43660
+.. date: 2021-03-29-19-50-34
+.. nonce: scTgag
+.. section: Core and Builtins
+
+Fix crash that happens when replacing ``sys.stderr`` with a callable that
+can remove the object while an exception is being printed. Patch by Pablo
+Galindo.
+
+..
+
+.. bpo: 35883
+.. date: 2021-03-13-13-57-21
+.. nonce: UyGpdG
+.. section: Core and Builtins
+
+Python no longer fails at startup with a fatal error if a command line
+argument contains an invalid Unicode character. The
+:c:func:`Py_DecodeLocale` function now escapes byte sequences which would be
+decoded as Unicode characters outside the [U+0000; U+10ffff] range.
+
+..
+
+.. bpo: 43406
+.. date: 2021-03-04-22-53-10
+.. nonce: Na_VpA
+.. section: Core and Builtins
+
+Fix a possible race condition where ``PyErr_CheckSignals`` tries to execute
+a non-Python signal handler.
+
+..
+
+.. bpo: 35930
+.. date: 2021-03-23-17-18-56
+.. nonce: RZ51pM
+.. section: Library
+
+Raising an exception raised in a "future" instance will create reference
+cycles.
+
+..
+
+.. bpo: 43577
+.. date: 2021-03-21-10-13-17
+.. nonce: m7JnAV
+.. section: Library
+
+Fix deadlock when using :class:`ssl.SSLContext` debug callback with
+:meth:`ssl.SSLContext.sni_callback`.
+
+..
+
+.. bpo: 43423
+.. date: 2021-03-11-15-44-18
+.. nonce: rRomRD
+.. section: Library
+
+:func:`subprocess.communicate` no longer raises an IndexError when there is
+an empty stdout or stderr IO buffer during a timeout on Windows.
+
+..
+
+.. bpo: 27820
+.. date: 2021-03-10-14-07-44
+.. nonce: Wwdy-r
+.. section: Library
+
+Fixed long-standing bug of smtplib.SMTP where doing AUTH LOGIN with
+initial_response_ok=False will fail.
+
+The cause is that SMTP.auth_login _always_ returns a password if provided
+with a challenge string, thus non-compliant with the standard for AUTH
+LOGIN.
+
+Also fixes bug with the test for smtpd.
+
+..
+
+.. bpo: 43399
+.. date: 2021-03-04-17-53-46
+.. nonce: Wn95u-
+.. section: Library
+
+Fix ``ElementTree.extend`` not working on iterators when using the Python
+implementation
+
+..
+
+.. bpo: 43316
+.. date: 2021-02-25-09-44-36
+.. nonce: k9Gyqn
+.. section: Library
+
+The ``python -m gzip`` command line application now properly fails when
+detecting an unsupported extension. It exits with a non-zero exit code and
+prints an error message to stderr.
+
+..
+
+.. bpo: 43260
+.. date: 2021-02-20-12-15-29
+.. nonce: 6znAas
+.. section: Library
+
+Fix TextIOWrapper can not flush internal buffer forever after very large
+text is written.
+
+..
+
+.. bpo: 42782
+.. date: 2020-12-29-13-46-57
+.. nonce: 3r0HFY
+.. section: Library
+
+Fail fast in :func:`shutil.move()` to avoid creating destination directories
+on failure.
+
+..
+
+.. bpo: 37193
+.. date: 2020-06-12-21-23-20
+.. nonce: wJximU
+.. section: Library
+
+Fixed memory leak in ``socketserver.ThreadingMixIn`` introduced in Python
+3.7.
+
+..
+
+.. bpo: 43199
+.. date: 2021-03-13-18-43-54
+.. nonce: ZWA6KX
+.. section: Documentation
+
+Answer "Why is there no goto?" in the Design and History FAQ.
+
+..
+
+.. bpo: 43407
+.. date: 2021-03-04-22-53-03
+.. nonce: x570l5
+.. section: Documentation
+
+Clarified that a result from :func:`time.monotonic`,
+:func:`time.perf_counter`, :func:`time.process_time`, or
+:func:`time.thread_time` can be compared with the result from any following
+call to the same function - not just the next immediate call.
+
+..
+
+.. bpo: 27646
+.. date: 2021-02-20-00-09-13
+.. nonce: HRsmo-
+.. section: Documentation
+
+Clarify that 'yield from <expr>' works with any iterable, not just
+iterators.
+
+..
+
+.. bpo: 36346
+.. date: 2020-06-15-10-45-45
+.. nonce: H0sS_i
+.. section: Documentation
+
+Update some deprecated unicode APIs which are documented as "will be removed
+in 4.0" to "3.12". See :pep:`623` for detail.
+
+..
+
+.. bpo: 37945
+.. date: 2021-03-31-11-38-42
+.. nonce: HTUYhv
+.. section: Tests
+
+Fix test_getsetlocale_issue1813() of test_locale: skip the test if
+``setlocale()`` fails. Patch by Victor Stinner.
+
+..
+
+.. bpo: 41561
+.. date: 2021-03-18-10-34-42
+.. nonce: pDg4w-
+.. section: Tests
+
+Add workaround for Ubuntu's custom OpenSSL security level policy.
+
+..
+
+.. bpo: 43631
+.. date: 2021-03-26-09-16-34
+.. nonce: msJyPi
+.. section: Build
+
+Update macOS, Windows, and CI to OpenSSL 1.1.1k.
+
+..
+
+.. bpo: 43617
+.. date: 2021-03-24-16-55-55
+.. nonce: d69KAv
+.. section: Build
+
+Improve configure.ac: Check for presence of autoconf-archive package and
+remove our copies of M4 macros.
+
+..
+
+.. bpo: 41837
+.. date: 2021-02-28-22-49-46
+.. nonce: 9fqyXC
+.. section: macOS
+
+Update macOS installer build to use OpenSSL 1.1.1j.
+
+..
+
+.. bpo: 42225
+.. date: 2021-03-29-16-22-27
+.. nonce: iIeiLg
+.. section: IDLE
+
+Document that IDLE can fail on Unix either from misconfigured IP masquerage
+rules or failure displaying complex colored (non-ascii) characters.
+
+..
+
+.. bpo: 43283
+.. date: 2021-02-21-16-30-10
+.. nonce: DLBwYn
+.. section: IDLE
+
+Document why printing to IDLE's Shell is often slower than printing to a
+system terminal and that it can be made faster by pre-formatting a single
+string before printing.
generated by cgit v0.12 at 2024-11-23 09:36:10 (GMT)