[Python-Dev] Need help to fix urllib(.parse) vulnerabilities
Victor Stinner
victor.stinner at gmail.com
Sat Jul 22 17:47:38 EDT 2017
I consider that it is a security vulneraibility and so should be fixed in
all supported branches including 3.3 and 3.4.
If someone is blocked for a legit usecase, an old Python version can be
used until we decide how to handle it.
I concur with you, I don't think that anyone uses filenames containing
newlines on FTP. FTP protocol is text based and uses newlines as the
command separator. I expect a lot of not fun issues if someone uses such
filename on legit files.
Victor
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20170722/034d4c40/attachment.html>
More information about the Python-Dev
mailing list