summaryrefslogtreecommitdiffstats
path: root/Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-36276.51E-DA.rst
diff options
context:
space:
mode:
Diffstat (limited to 'Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-36276.51E-DA.rst')
-rw-r--r--Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-36276.51E-DA.rst1
1 files changed, 1 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-36276.51E-DA.rst b/Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-36276.51E-DA.rst
new file mode 100644
index 0000000..4fed4d5
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-36276.51E-DA.rst
@@ -0,0 +1 @@
+Address CVE-2019-9740 by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause a ValueError to be raised. \ No newline at end of file
generated by cgit v0.12 at 2025-02-12 17:32:39 (GMT)