summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSenthil Kumaran <senthil@uthcode.com>2021-02-15 11:16:43 -0800
committerGitHub <noreply@github.com>2021-02-15 14:16:43 -0500
commit5c17dfc5d70ce88be99bc5769b91ce79d7a90d61 (patch)
tree57c06e80ae27e24f0657249d640eb25e19f9f5ac /Misc/NEWS.d/next/Security/2020-10-23-19-19-30.bpo-42103.cILT66.rst
parent[3.6] closes bpo-42938: Replace snprintf with Python unicode formatting in ct... (diff)
downloadcpython-5c17dfc5d70ce88be99bc5769b91ce79d7a90d61.tar.gz
cpython-5c17dfc5d70ce88be99bc5769b91ce79d7a90d61.tar.bz2
cpython-5c17dfc5d70ce88be99bc5769b91ce79d7a90d61.zip
[3.6] bpo-42967: only use '&' as a query string separator (GH-24297) (GH-24532)
bpo-42967: [security] Address a web cache-poisoning issue reported in urllib.parse.parse_qsl(). urllib.parse will only us "&" as query string separator by default instead of both ";" and "&" as allowed in earlier versions. An optional argument seperator with default value "&" is added to specify the separator. Co-authored-by: Éric Araujo <merwok@netwok.org> Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com> Co-authored-by: Adam Goldschmidt <adamgold7@gmail.com>
Diffstat (limited to 'Misc/NEWS.d/next/Security/2020-10-23-19-19-30.bpo-42103.cILT66.rst')
0 files changed, 0 insertions, 0 deletions