From 1204dfc89cb3ed5e21dce32aed0339b7569fe1f9 Mon Sep 17 00:00:00 2001 From: "Miss Islington (bot)" <31488909+miss-islington@users.noreply.github.com> Date: Thu, 19 Aug 2021 02:16:15 -0700 Subject: bpo-36384: [doc] Mention CVE-2021-29921 fix in 3.8.12 (GH-27824) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit (cherry picked from commit 0fd66e46b2f472d0d206a185dc8892f4f0347cb6) Co-authored-by: Ɓukasz Langa --- Doc/library/ipaddress.rst | 5 +++++ Doc/whatsnew/3.8.rst | 13 +++++++++++++ 2 files changed, 18 insertions(+) diff --git a/Doc/library/ipaddress.rst b/Doc/library/ipaddress.rst index 1c2263b..2ab4dd8 100644 --- a/Doc/library/ipaddress.rst +++ b/Doc/library/ipaddress.rst @@ -132,6 +132,11 @@ write code that handles both IP versions correctly. Address objects are The above change was also included in Python 3.9 starting with version 3.9.5. + .. versionchanged:: 3.8.12 + + The above change was also included in Python 3.8 starting with + version 3.8.12. + .. attribute:: version The appropriate version number: ``4`` for IPv4, ``6`` for IPv6. diff --git a/Doc/whatsnew/3.8.rst b/Doc/whatsnew/3.8.rst index f1a9036..7c293a5 100644 --- a/Doc/whatsnew/3.8.rst +++ b/Doc/whatsnew/3.8.rst @@ -2248,3 +2248,16 @@ separator key, with ``&`` as the default. This change also affects functions internally. For more details, please see their respective documentation. (Contributed by Adam Goldschmidt, Senthil Kumaran and Ken Jin in :issue:`42967`.) + +Notable changes in Python 3.8.12 +================================ + +Starting with Python 3.8.12 the :mod:`ipaddress` module no longer accepts +any leading zeros in IPv4 address strings. Leading zeros are ambiguous and +interpreted as octal notation by some libraries. For example the legacy +function :func:`socket.inet_aton` treats leading zeros as octal notation. +glibc implementation of modern :func:`~socket.inet_pton` does not accept +any leading zeros. + +(Originally contributed by Christian Heimes in :issue:`36384`, and backported +to 3.8 by Achraf Merzouki.) -- cgit v0.12