b1b9a85172
3.7.4 (2021-02-25) Bugfixes (SECURITY BUG) Started preventing open redirects in the aiohttp.web.normalize_path_middleware middleware. For more details, see https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg. Thanks to Beast Glatisant for finding the first instance of this issue and Jelmer Vernooij for reporting and tracking it down in aiohttp. Fix interpretation difference of the pure-Python and the Cython-based HTTP parsers construct a yarl.URL object for HTTP request-target. Before this fix, the Python parser would turn the URI's absolute-path for //some-path into / while the Cython code preserved it as //some-path. Now, both do the latter. |
||
|---|---|---|
| .. | ||
| patches | ||
| DESCR | ||
| distinfo | ||
| Makefile | ||
| PLIST | ||