path: root/Misc/NEWS.d/next/Security
Commit message (Author, Age, Files, Lines)
* Merge the 3.12.0a2 release into main. (Thomas Wouters, 2022-11-15, 1 file, -0/+2)
|\
| * gh-87604: Avoid publishing list of active per-interpreter audit hooks via the... (Steve Dower, 2022-11-14, 1 file, -0/+2)
* | Python 3.12.0a2 [v3.12.0a2] (Thomas Wouters, 2022-11-14, 2 files, -15/+0)
|/
* gh-98433: Fix quadratic time idna decoding. (#99092) (Gregory P. Smith, 2022-11-08, 1 file, -0/+14)
* gh-98739: Update libexpat from 2.4.9 to 2.5.0 (#98742) (Shaun Walbridge, 2022-10-27, 1 file, -0/+1)
* Python 3.12.0a1 [v3.12.0a1] (Thomas Wouters, 2022-10-24, 6 files, -28/+0)
* gh-97514: Don't use Linux abstract sockets for multiprocessing (#98501) (Gregory P. Smith, 2022-10-20, 1 file, -0/+15)
* gh-97669: Remove outdated example scripts (#97675) (Victor Stinner, 2022-10-04, 1 file, -3/+0)
* gh-97612: Fix shell injection in get-remote-certificate.py (#97613) (Victor Stinner, 2022-09-28, 1 file, -0/+3)
* gh-97616: list_resize() checks for integer overflow (#97617) (Victor Stinner, 2022-09-28, 1 file, -0/+3)
* gh-96512: Update int_max_str docs to say 3.11 (#96942) (Gregory P. Smith, 2022-09-19, 1 file, -14/+0)
* gh-95778: Correctly pre-check for int-to-str conversion (#96537) (Mark Dickinson, 2022-09-04, 1 file, -1/+1)
* gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96499) (Gregory P. Smith, 2022-09-02, 1 file, -0/+14)
* gh-87389: Fix an open redirection vulnerability in http.server. (#93879) (Gregory P. Smith, 2022-06-21, 1 file, -0/+3)
* gh-92888: Fix memoryview bad `__index__` use after free (GH-92946) (Ken Jin, 2022-06-17, 1 file, -0/+2)
* gh-79096: Protect cookie file created by {LWP,Mozilla}CookieJar.save() (GH-93... (Pascal Wittmann, 2022-06-07, 1 file, -0/+1)
* gh-68966: Make mailcap refuse to match unsafe filenames/types/params (GH-91993) (Petr Viktorin, 2022-06-03, 1 file, -0/+4)
* Python 3.11.0b1 (Pablo Galindo, 2022-05-06, 1 file, -3/+0)
* gh-57684: Add -P cmdline option and PYTHONSAFEPATH env var (#31542) (Victor Stinner, 2022-05-05, 1 file, -0/+3)
* Python 3.11.0a1 [v3.11.0a1] (Pablo Galindo, 2021-10-05, 6 files, -15/+0)
* bpo-43124: Fix smtplib multiple CRLF injection (GH-25987) (Miguel Brito, 2021-08-29, 1 file, -0/+2)
* bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) (Victor Stinner, 2021-08-29, 1 file, -0/+3)
* bpo-42278: Use tempfile.TemporaryDirectory rather than tempfile.mktemp in pyd... (E-Paine, 2021-08-29, 1 file, -0/+2)
* bpo-44600: Fix line numbers for pattern matching cleanup code (GH-27346) (Charles Burkland, 2021-07-25, 1 file, -0/+1)
* bpo-44022: Fix Sphinx role in NEWS entry (GH-27033) (Sergey Fedoseev, 2021-07-05, 1 file, -1/+1)
* bpo-41180: Replace marshal code.__new__ audit event with marshal.load[s] and ... (Steve Dower, 2021-06-30, 1 file, -0/+5)
* Add the blurbify of the 3.10.0b1 changelog to the main branch (GH-25976) (Ned Deily, 2021-05-08, 11 files, -34/+0)
* bpo-44022: Fix http client infinite line reading (DoS) after a HTTP 100 Conti... (Gen Xu, 2021-05-05, 1 file, -0/+2)
* bpo-43434: Move sqlite3.connect audit events to sqlite3.Connection.__init__ (... (Erlend Egeberg Aasland, 2021-05-02, 1 file, -0/+4)
* bpo-36384: Leading zeros in IPv4 addresses are no longer tolerated (GH-25099) (Christian Heimes, 2021-05-02, 1 file, -0/+6)
* bpo-43998: Default to TLS 1.2 and increase cipher suite security (GH-25778) (Christian Heimes, 2021-05-01, 1 file, -0/+5)
* bpo-42800: add audit hooks for f_code and tb_frame (GH-24182) (Ryan Hileman, 2021-04-29, 1 file, -0/+1)
* bpo-43882 - urllib.parse should sanitize urls containing ASCII newline and ta... (Senthil Kumaran, 2021-04-29, 1 file, -0/+6)
* bpo-43762: Add audit events for loading of sqlite3 extensions (GH-25246) (Erlend Egeberg Aasland, 2021-04-26, 1 file, -0/+3)
* bpo-37363: Add audit events to the `http.client` module (GH-21321) (Saiyang Gou, 2021-04-23, 1 file, -0/+1)
* bpo-43756: Add new audit event for new arguments added to glob.glob (GH-25239) (Saiyang Gou, 2021-04-21, 1 file, -0/+2)
* bpo-43472: Ensure PyInterpreterState_New audit events are raised when called ... (Steve Dower, 2021-04-21, 1 file, -0/+3)
* bpo-43362: Fix invalid free and return check in _sha3 module (GH-25463) (Christian Heimes, 2021-04-18, 1 file, -0/+2)
* bpo-43075: Fix ReDoS in urllib AbstractBasicAuthHandler (GH-24391) (Yeting Li, 2021-04-07, 1 file, -0/+1)
* Python 3.10.0a7 [v3.10.0a7] (Pablo Galindo, 2021-04-05, 3 files, -14/+0)
* bpo-42988: Remove the pydoc getfile feature (GH-25015) (Victor Stinner, 2021-03-29, 1 file, -0/+4)
* bpo-43285 Make ftplib not trust the PASV response. (GH-24838) (Gregory P. Smith, 2021-03-15, 1 file, -0/+8)
* bpo-43439: Add audit hooks for gc functions (GH-24794) (Pablo Galindo, 2021-03-10, 1 file, -0/+2)
* Python 3.10.0a6 (Pablo Galindo, 2021-03-01, 1 file, -1/+0)
* bpo-42967: only use '&' as a query string separator (#24297) (Adam Goldschmidt, 2021-02-14, 1 file, -0/+1)
* Python 3.10.0a5 (Pablo Galindo, 2021-02-02, 1 file, -2/+0)
* closes bpo-42938: Replace snprintf with Python unicode formatting in ctypes p... (Benjamin Peterson, 2021-01-18, 1 file, -0/+2)
* Python 3.10.0a3 [v3.10.0a3] (Pablo Galindo, 2020-12-07, 1 file, -1/+0)
* bpo-40791: Make compare_digest more constant-time. (GH-20444) (Devin Jeanpierre, 2020-11-21, 1 file, -0/+1)
* Python 3.10.0a2 [v3.10.0a2] (Pablo Galindo, 2020-11-03, 2 files, -5/+0)