blob: e7403220b8dfd47749c5c702b825f324009131b1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
.. date: 2023-08-22-17-39-12
.. gh-issue: 108310
.. nonce: fVM3sg
.. release date: 2023-08-24
.. section: Security
Fixed an issue where instances of :class:`ssl.SSLSocket` were vulnerable to
a bypass of the TLS handshake and included protections (like certificate
verification) and treating sent unencrypted data as if it were
post-handshake TLS encrypted data. Security issue reported as
`CVE-2023-40217
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40217>`_ by Aapo
Oksman. Patch by Gregory P. Smith.
..
.. date: 2023-08-10-17-36-22
.. gh-issue: 107845
.. nonce: dABiMJ
.. section: Library
:func:`tarfile.data_filter` now takes the location of symlinks into account
when determining their target, so it will no longer reject some valid
tarballs with ``LinkOutsideDestinationError``.
..
.. date: 2023-08-12-13-18-15
.. gh-issue: 107565
.. nonce: Tv22Ne
.. section: Tools/Demos
Update multissltests and GitHub CI workflows to use OpenSSL 1.1.1v, 3.0.10,
and 3.1.2.
..
.. date: 2022-11-20-09-52-50
.. gh-issue: 99612
.. nonce: eBHksg
.. section: C API
Fix :c:func:`PyUnicode_DecodeUTF8Stateful` for ASCII-only data:
``*consumed`` was not set.
|
