[issue38216] Fix for issue30458 (HTTP Header Injection) prevents crafting invalid requests
Gregory P. Smith
report at bugs.python.org
Fri Sep 27 01:32:26 EDT 2019
Gregory P. Smith <greg at krypto.org> added the comment:
Regardless, since things have already shipped in stable releases, there is a release that code _will_ encounter somewhere that does validate data but does not support overruling that behavior. so i'm not sure if it actually matters to have this in 3.7 or 3.6 as anyone who wants to avoid complaints from users who happen to be on those python patch levels will need to include a workaround in their code or explicitly avoid those versions.
That said, PR 16321 looks overall like a good idea, I have no problem with it being backported to 3.7 and 3.6.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue38216>
_______________________________________
More information about the Python-bugs-list
mailing list