18b7b9ef67
Python 3.10.12 Security gh-103142: The version of OpenSSL used in our binary builds has been upgraded to 1.1.1u to address several CVEs. gh-99889: Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified. gh-104049: Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler. gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329. Patch by Illia Volochii. Library gh-103935: Use io.open_code() for files to be executed instead of raw open() gh-102953: The extraction methods in tarfile, and shutil.unpack_archive(), have a new a filter argument that allows limiting tar features than may be surprising or dangerous, such as creating files outside the destination directory. See Extraction filters for details. Documentation gh-89412: Add missing documentation for the end_lineno and end_offset attributes of the traceback.TracebackException class. Build gh-103262: Fixes Windows installer build to work with latest compilers. |
||
---|---|---|
.. | ||
patches | ||
ALTERNATIVES | ||
buildlink3.mk | ||
DESCR | ||
dist.mk | ||
distinfo | ||
Makefile | ||
options.mk | ||
PLIST | ||
PLIST.Darwin | ||
PLIST.FreeBSD | ||
PLIST.IRIX | ||
PLIST.Linux | ||
PLIST.NetBSD | ||
PLIST.SunOS |