18b7b9ef67
Python 3.10.12 Security gh-103142: The version of OpenSSL used in our binary builds has been upgraded to 1.1.1u to address several CVEs. gh-99889: Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified. gh-104049: Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler. gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329. Patch by Illia Volochii. Library gh-103935: Use io.open_code() for files to be executed instead of raw open() gh-102953: The extraction methods in tarfile, and shutil.unpack_archive(), have a new a filter argument that allows limiting tar features than may be surprising or dangerous, such as creating files outside the destination directory. See Extraction filters for details. Documentation gh-89412: Add missing documentation for the end_lineno and end_offset attributes of the traceback.TracebackException class. Build gh-103262: Fixes Windows installer build to work with latest compilers. |
||
|---|---|---|
| .. | ||
| patches | ||
| ALTERNATIVES | ||
| buildlink3.mk | ||
| DESCR | ||
| dist.mk | ||
| distinfo | ||
| Makefile | ||
| options.mk | ||
| PLIST | ||
| PLIST.Darwin | ||
| PLIST.FreeBSD | ||
| PLIST.IRIX | ||
| PLIST.Linux | ||
| PLIST.NetBSD | ||
| PLIST.SunOS | ||