summaryrefslogtreecommitdiffstats
path: root/Misc/NEWS.d/next/Security
Commit message (Expand)AuthorAgeFilesLines
* Python 3.12.0rc2v3.12.0rc2Thomas Wouters2023-09-052-10/+0
* [3.12] gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close fla...Ɓukasz Langa2023-08-221-0/+7
* [3.12] GH-107774: Add missing audit event for PEP 669 (GH-107775) (#107839)Miss Islington (bot)2023-08-111-0/+3
* Python 3.12.0rc1v3.12.0rc1Thomas Wouters2023-08-052-6/+0
* [3.12] gh-102509: Start initializing `ob_digit` of `_PyLongValue` (GH-102510)...Miss Islington (bot)2023-07-311-0/+2
* [3.12] gh-106669: Revert "gh-102988: Detect email address parsing errors ... ...Gregory P. Smith2023-07-211-0/+4
* Python 3.12.0b4v3.12.0b4Thomas Wouters2023-07-111-4/+0
* [3.12] gh-102988: Detect email address parsing errors and return empty tuple ...Miss Islington (bot)2023-07-101-0/+4
* Python 3.12.0b2v3.12.0b2Thomas Wouters2023-06-062-4/+0
* [3.12] gh-103142: Upgrade binary builds and CI to OpenSSL 1.1.1u (GH-105174) ...Miss Islington (bot)2023-06-011-0/+2
* [3.12] gh-99108: Refresh HACL* (GH-104808) (#104893)Miss Islington (bot)2023-05-241-0/+2
* Python 3.12.0b1v3.12.0b1Thomas Wouters2023-05-224-9/+0
* gh-102153: Start stripping C0 control and space chars in `urlsplit` (#102508)Illia Volochii2023-05-171-0/+3
* gh-99889: Fix directory traversal security flaw in uu.decode() (#104096)Sam Carroll2023-05-091-0/+2
* gh-99108: Replace SHA3 implementation HACL* version (#103597)Jonathan Protzenko2023-05-081-0/+2
* gh-104049: do not expose on-disk location from SimpleHTTPRequestHandler (#104...Ethan Furman2023-05-031-0/+2
* Python 3.12.0a6v3.12.0a6Thomas Wouters2023-03-074-13/+0
* gh-99108: Import MD5 and SHA1 from HACL* (#102089)Jonathan Protzenko2023-02-221-0/+2
* gh-99108: Import SHA2-384/512 from HACL* (#101707)Jonathan Protzenko2023-02-141-0/+4
* gh-101726: Update the OpenSSL version to 1.1.1t (GH-101727)Gregory P. Smith2023-02-091-0/+4
* gh-101283: Improved fallback logic for subprocess with shell=True on Windows ...Oleg Iarygin2023-02-081-0/+3
* Python 3.12.0a5v3.12.0a5Thomas Wouters2023-02-071-4/+0
* gh-99108: Replace SHA2-224 & 256 with verified code from HACL* (#99109)Jonathan Protzenko2023-02-071-0/+4
* Python 3.12.0a3v3.12.0a3Thomas Wouters2022-12-062-8/+0
* gh-100001: Omit control characters in http.server stderr logs. (#100002)Gregory P. Smith2022-12-051-0/+6
* Merge the 3.12.0a2 release into main.Thomas Wouters2022-11-151-0/+2
|\
| * gh-87604: Avoid publishing list of active per-interpreter audit hooks via the...Steve Dower2022-11-141-0/+2
* | Python 3.12.0a2v3.12.0a2Thomas Wouters2022-11-142-15/+0
|/
* gh-98433: Fix quadratic time idna decoding. (#99092)Gregory P. Smith2022-11-081-0/+14
* gh-98739: Update libexpat from 2.4.9 to 2.5.0 (#98742)Shaun Walbridge2022-10-271-0/+1
* Python 3.12.0a1v3.12.0a1Thomas Wouters2022-10-246-28/+0
* gh-97514: Don't use Linux abstract sockets for multiprocessing (#98501)Gregory P. Smith2022-10-201-0/+15
* gh-97669: Remove outdated example scripts (#97675)Victor Stinner2022-10-041-3/+0
* gh-97612: Fix shell injection in get-remote-certificate.py (#97613)Victor Stinner2022-09-281-0/+3
* gh-97616: list_resize() checks for integer overflow (#97617)Victor Stinner2022-09-281-0/+3
* gh-96512: Update int_max_str docs to say 3.11 (#96942)Gregory P. Smith2022-09-191-14/+0
* gh-95778: Correctly pre-check for int-to-str conversion (#96537)Mark Dickinson2022-09-041-1/+1
* gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96499)Gregory P. Smith2022-09-021-0/+14
* gh-87389: Fix an open redirection vulnerability in http.server. (#93879)Gregory P. Smith2022-06-211-0/+3
* gh-92888: Fix memoryview bad `__index__` use after free (GH-92946)Ken Jin2022-06-171-0/+2
* gh-79096: Protect cookie file created by {LWP,Mozilla}CookieJar.save() (GH-93...Pascal Wittmann2022-06-071-0/+1
* gh-68966: Make mailcap refuse to match unsafe filenames/types/params (GH-91993)Petr Viktorin2022-06-031-0/+4
* Python 3.11.0b1Pablo Galindo2022-05-061-3/+0
* gh-57684: Add -P cmdline option and PYTHONSAFEPATH env var (#31542)Victor Stinner2022-05-051-0/+3
* Python 3.11.0a1v3.11.0a1Pablo Galindo2021-10-056-15/+0
* bpo-43124: Fix smtplib multiple CRLF injection (GH-25987)Miguel Brito2021-08-291-0/+2
* bpo-44394: Update libexpat copy to 2.4.1 (GH-26945)Victor Stinner2021-08-291-0/+3
* bpo-42278: Use tempfile.TemporaryDirectory rather than tempfile.mktemp in pyd...E-Paine2021-08-291-0/+2
* bpo-44600: Fix line numbers for pattern matching cleanup code (GH-27346)Charles Burkland2021-07-251-0/+1
* bpo-44022: Fix Sphinx role in NEWS entry (GH-27033)Sergey Fedoseev2021-07-051-1/+1