Staging
v0.5.1
v0.5.1
https://github.com/python/cpython
Tip revision: e5f6aba872e66bfd86eb592214696a519cded197 authored by Larry Hastings on 01 November 2019, 23:02:34 UTC
Version bump for 3.5.9 final.
Version bump for 3.5.9 final.
Tip revision: e5f6aba
3.5.8rc1.rst
.. bpo: 37461
.. date: 2019-07-16-08-11-00
.. nonce: 1Ahz7O
.. release date: 2019-09-09
.. section: Security
Fix an infinite loop when parsing specially crafted email headers. Patch by
Abhilash Raj.
..
.. bpo: 35907
.. date: 2019-05-21-23-20-18
.. nonce: NC_zNK
.. section: Security
CVE-2019-9948: Avoid file reading by disallowing ``local-file://`` and
``local_file://`` URL schemes in ``URLopener().open()`` and
``URLopener().retrieve()`` of :mod:`urllib.request`.
..
.. bpo: 34155
.. date: 2019-05-04-13-33-37
.. nonce: MJll68
.. section: Security
Fix parsing of invalid email addresses with more than one ``@`` (e.g.
a@b@c.com.) to not return the part before 2nd ``@`` as valid email address.
Patch by maxking & jpic.
..
.. bpo: 36742
.. date: 2019-04-29-15-34-59
.. nonce: QCUY0i
.. section: Security
Fixes mishandling of pre-normalization characters in urlsplit().
..
.. bpo: 30458
.. date: 2019-04-10-08-53-30
.. nonce: 51E-DA
.. section: Security
Address CVE-2019-9740 by disallowing URL paths with embedded whitespace or
control characters through into the underlying http client request. Such
potentially malicious header injection URLs now cause an
http.client.InvalidURL exception to be raised.
..
.. bpo: 36816
.. date: 2019-05-08-15-55-46
.. nonce: WBKRGZ
.. section: Tests
Update Lib/test/selfsigned_pythontestdotnet.pem to match
self-signed.pythontest.net's new TLS certificate.
..
.. bpo: 36576
.. date: 2019-04-05-10-34-29
.. nonce: 7Cp2kK
.. section: Tests
Skip test_ssl and test_asyncio tests failing with OpenSSL 1.1.1.
..
.. bpo: 36478
.. date: 2019-03-29-14-29-06
.. nonce: hzyneF
.. section: Build
Fix compatibility with ISO C89 needed by "gnu89" standard of GCC 4.8: use
C89 for loops in backported pickle patch. Patch by Anthony Sottile.
