Python 3.6.11 final
There were no new changes in version 3.6.11.
Python 3.6.11 release candidate 1
Security
bpo-39073: Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks.
bpo-38576: Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised.
bpo-39503: CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager.
bpo-39401: Avoid unsafe load of api-ms-win-core-path-l1-1-0.dll at startup on Windows 7.
Core and Builtins
bpo-39510: Fix segfault in readinto() method on closed BufferedReader.
bpo-39421: Fix possible crashes when operating with the functions in the heapq module and custom comparison operators.
Library
bpo-39503: AbstractBasicAuthHandler of urllib.request now parses all WWW-Authenticate HTTP headers and accepts multiple challenges per header: use the realm of the first Basic challenge.
Changes:
3.6.9
=====
Documentation
-------------
- bpo-35605: Fix documentation build for sphinx<1.6. Patch by Anthony Sottile.
- bpo-35564: Explicitly set master_doc variable in conf.py for compliance with
Sphinx 2.0
Changes:
3.6.8
=====
Documentation
-------------
- bpo-35089: Remove mention of ``typing.io`` and ``typing.re``. Their types
should be imported from ``typing`` directly.
- bpo-35038: Fix the documentation about an unexisting `f_restricted`
attribute in the frame object. Patch by Stéphane Wirtel
- bpo-35035: Rename documentation for :mod:`email.utils` to
``email.utils.rst``.
- bpo-34967: Use app.add_object_type() instead of the deprecated Sphinx
function app.description_unit()
- bpo-33594: Document ``getargspec``, ``from_function`` and ``from_builtin``
as deprecated in their respective docstring, and include version since
deprecation in DeprecationWarning message.
- bpo-32613: Update the faq/windows.html to use the py command from PEP 397
instead of python.
Changes:
3.6.7
-----
Documentation
=============
- bpo-32174: chm document displays non-ASCII charaters properly on some
MBCS Windows systems.
- bpo-28617: Fixed info in the stdtypes docs concerning the types that
support membership tests.
- bpo-34065: Fix wrongly written basicConfig documentation markup syntax
- bpo-33847: Add `@' operator entry to index.
- bpo-25041: Document AF_PACKET in the socket module.
Changes:
3.6.6
-----
Documentation
- bpo-33503: Fix broken pypi link
- bpo-33421: Add missing documentation for typing.AsyncContextManager.
- bpo-33378: Add Korean language switcher for https://docs.python.org/3/
- bpo-33276: Clarify that the __path__ attribute on modules cannot be just
any value.
- bpo-33201: Modernize documentation for writing C extension types.
- bpo-33195: Deprecate Py_UNICODE usage in c-api/arg document.
Py_UNICODE related APIs are deprecated since Python 3.3, but it
is missed in the document.
- bpo-33126: Document PyBuffer_ToContiguous().
- bpo-27212: Modify documentation for the islice() recipe to consume initial
values up to the start index.
- bpo-28247: Update zipapp documentation to describe how to make standalone
applications.
- bpo-18802: Documentation changes for ipaddress. Patch by Jon Foster and
Berker Peksag.
- bpo-27428: Update documentation to clarify that WindowsRegistryFinder
implements MetaPathFinder. (Patch by Himanshu Lakhara)
- bpo-8243: Add a note about curses.addch and curses.addstr exception
behavior when writing outside a window, or pad.
- bpo-31432: Clarify meaning of CERT_NONE, CERT_OPTIONAL, and CERT_REQUIRED
flags for ssl.SSLContext.verify_mode.
Changes:
Documentation
-------------
- bpo-17232: Clarify docs for -O and -OO. Patch by Terry Reedy.
- bpo-32800: Update link to w3c doc for xml default namespaces.
- bpo-8722: Document __getattr__() behavior when property get() method raises
AttributeError.
- bpo-32614: Modify RE examples in documentation to use raw strings to
prevent DeprecationWarning and add text to REGEX HOWTO to
highlight the deprecation.
- bpo-31972: Improve docstrings for pathlib.PurePath subclasses.
- bpo-17799: Explain real behaviour of sys.settrace and sys.setprofile and
their C-API counterparts regarding which type of events are
received in each function. Patch by Pablo Galindo Salgado.
Changes:
3.6.4
-----
Documentation
-------------
- bpo-32105: Added asyncio.BaseEventLoop.connect_accepted_socket
versionaddded marker.
- bpo-31537: Fix incorrect usage of ``get_history_length`` in readline
documentation example code. Patch by Brad Smith.
- bpo-30085: The operator functions without double underscores are preferred
for clarity. The one with underscores are only kept for back-
compatibility.
pkgsrc changes:
- Take MAINTAINERship (or, in other words, make me blameworthy if the Python
documentation isn't synced with the respective lang/python* packages :))
Changes:
No changelog is available but it syncs py36-html-docs to current
python36 version.