Overview
Request 1174634 accepted
- Update to 3.11.9:
  * Security
    * gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
      (CVE-2023-52425, bsc#1219559) by adding five new methods:
        xml.etree.ElementTree.XMLParser.flush()
        xml.etree.ElementTree.XMLPullParser.flush()
        xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
        xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
        xml.sax.expatreader.ExpatParser.flush()
    * gh-115399: Update bundled libexpat to 2.6.0
    * gh-115243: Fix possible crashes in collections.deque.index()
      when the deque is concurrently modified.
    * gh-114572: ssl.SSLContext.cert_store_stats() and
      ssl.SSLContext.get_ca_certs() now correctly lock access to the
      certificate store, when the ssl.SSLContext is shared across
      multiple threads.
  * Core and Builtins
    * gh-116296: Fix possible refleak in object.__reduce__() internal
      error handling.
    * gh-116034: Fix location of the error on a failed assertion.
    * gh-115823: Properly calculate error ranges in the parser when
      raising SyntaxError exceptions caused by invalid byte sequences.
      Patch by Pablo Galindo.
    * gh-112087: An empty reverse iterator for list will be
      reduced to reversed(). Patch by Donghee Na.
    * gh-115011: Setters for members with an unsigned integer type now
      support the same range of valid values for objects that have a
      __index__() method as for int.
    * gh-96497: Fix incorrect resolution of mangled class variables
      used in assignment expressions in comprehensions.
- Created by vizhestkov
- In state accepted
- Supersedes 1174507
Request History
vizhestkov created request
PSuarezHernandez accepted request