8000 3.6.14 · python/cpython@9a0099d · GitHub
[go: up one dir, main page]
Skip to content

Commit 9a0099d

Browse files
ned-deilyned-deily
committed
3.6.14
1 parent 1b6f4e5 commit 9a0099d

9 files changed

+71
-28
lines changed

Include/patchlevel.h

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,12 +18,12 @@
1818
/*--start constants--*/
1919
#define PY_MAJOR_VERSION 3
2020
#define PY_MINOR_VERSION 6
21-
#define PY_MICRO_VERSION 13
21+
#define PY_MICRO_VERSION 14
2222
#define PY_RELEASE_LEVEL PY_RELEASE_LEVEL_FINAL
2323
#define PY_RELEASE_SERIAL 0
2424

2525
/* Version as a string */
26-
#define PY_VERSION "3.6.13+"
26+
#define PY_VERSION "3.6.14"
2727
/*--end constants--*/
2828

2929
/* Version as a single 4-byte hex number, e.g. 0x010502B2 == 1.5.2b2.

Lib/pydoc_data/topics.py

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
# -*- coding: utf-8 -*-
2-
# Autogenerated by Sphinx on Mon Feb 15 20:10:09 2021
2+
# Autogenerated by Sphinx on Mon Jun 28 12:38:05 2021
33
topics = {'assert': 'The "assert" statement\n'
44
'**********************\n'
55
'\n'
@@ -4863,7 +4863,7 @@
48634863
'character that can be any character and defaults to a space '
48644864
'if\n'
48654865
'omitted. It is not possible to use a literal curly brace '
4866-
'("{"” or\n'
4866+
'("{"” or\n'
48674867
'“"}"”) as the *fill* character in a formatted string '
48684868
'literal or when\n'
48694869
'using the "str.format()" method. However, it is possible '
@@ -6455,7 +6455,7 @@
64556455
'\n'
64566456
'Note that numeric literals do not include a sign; a phrase like '
64576457
'"-1"\n'
6458-
'is actually an expression composed of the unary operator ‘"-" '
6458+
'is actually an expression composed of the unary operator ‘"-" '
64596459
'and the\n'
64606460
'literal "1".\n',
64616461
'numeric-types': 'Emulating numeric types\n'

Misc/NEWS.d/3.6.14.rst

Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,64 @@
1+
.. bpo: 44022
2+
.. date: 2021-05-05-17-37-04
3+
.. nonce: bS3XJ9
4+
.. release date: 2021-06-28
5+
.. section: Security
6+
7+
mod:`http.client` now avoids infinitely reading potential HTTP headers after
8+
a ``100 Continue`` status response from the server.
9+
10+
..
11+
12+
.. bpo: 43882
13+
.. date: 2021-04-25-07-46-37
14+
.. nonce: Jpwx85
15+
.. section: Security
16+
17+
The presence of newline or tab characters in parts of a URL could allow some
18+
forms of attacks.
19+
20+
Following the controlling specification for URLs defined by WHATWG
21+
:func:`urllib.parse` now removes ASCII newlines and tabs from URLs,
22+
preventing such attacks.
23+
24+
..
25+
26+
.. bpo: 42988
27+
.. date: 2021-03-24-14-16-56
28+
.. nonce: P2aNco
29+
.. section: Security
30+
31+
CVE-2021-3426: Remove the ``getfile`` feature of the :mod:`pydoc` module
32+
which could be abused to read arbitrary files on the disk (directory
33+
traversal vulnerability). Moreover, even source code of Python modules can
34+
contain sensitive data like passwords. Vulnerability reported by David
35+
Schwörer.
36+
37+
..
38+
39+
.. bpo: 43285
40+
.. date: 2021-03-13-03-48-14
41+
.. nonce: g-Hah3
42+
.. section: Security
43+
44+
:mod:`ftplib` no longer trusts the IP address value returned from the server
45+
in response to the PASV command by default. This prevents a malicious FTP
46+
server from using the response to probe IPv4 address and port combinations
47+
on the client network.
48+
49+
Code that requires the former vulnerable behavior may set a
50+
``trust_server_pasv_ipv4_address`` attribute on their :class:`ftplib.FTP`
51+
instances to ``True`` to re-enable it.
52+
53+
..
54+
55+
.. bpo: 43075
56+
.. date: 2021-01-31-05-28-14
57+
.. nonce: DoAXqO
58+
.. section: Security
59+
60+
Fix Regular Expression Denial of Service (ReDoS) vulnerability in
61+
:class:`urllib.request.AbstractBasicAuthHandler`. The ReDoS-vulnerable
62+
regex has quadratic worst-case complexity and it allows cause a denial of
63+
service when identifying crafted invalid RFCs. This ReDoS issue is on the
64+
client side and needs remote attackers to control the HTTP server.

Misc/NEWS.d/next/Security/2021-01-31-05-28-14.bpo-43075.DoAXqO.rst

Lines changed: 0 additions & 1 deletion
This file was deleted.

Misc/NEWS.d/next/Security/2021-03-13-03-48-14.bpo-43285.g-Hah3.rst

Lines changed: 0 additions & 8 deletions
This file was deleted.

Misc/NEWS.d/next/Security/2021-03-24-14-16-56.bpo-42988.P2aNco.rst

Lines changed: 0 additions & 4 deletions
This file was deleted.

Misc/NEWS.d/next/Security/2021-04-25-07-46-37.bpo-43882.Jpwx85.rst

Lines changed: 0 additions & 6 deletions
This file was deleted.

Misc/NEWS.d/next/Security/2021-05-05-17-37-04.bpo-44022.bS3XJ9.rst

Lines changed: 0 additions & 2 deletions
This file was deleted.

README.rst

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
1-
This is Python version 3.6.13+
2-
==============================
1+
This is Python version 3.6.14
2+
=============================
33

44
.. image:: https://travis-ci.org/python/cpython.svg?branch=3.6
55
:alt: CPython build status on Travis CI

0 commit comments

Comments
 (0)
0