author | 2014-06-14 18:36:29 -0700 | |
---|---|---|
committer | 2014-06-14 18:36:29 -0700 | |
commit | 8d24d77c63bdbf25d68bf0a6cad408d06abf2d00 (patch) | |
tree | 31f600e2a4e6d8d72191552d2a09f411604655d3 /Misc/NEWS | |
parent | Issue #21742: Set stream to None after closing. (diff) | |
url unquote the path before checking if it refers to a CGI script (closes #21766)
Diffstat (limited to 'Misc/NEWS')
-rw-r--r-- | Misc/NEWS | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/Misc/NEWS b/Misc/NEWS index b09bd84f5ea..310d2370f6a 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -25,6 +25,9 @@ Core and Builtins Library ------- +- Issue #21766: Prevent a security hole in CGIHTTPServer by URL unquoting paths + before checking for a CGI script at that path. + - Issue #21310: Fixed possible resource leak in failed open(). - Issue #21304: Backport the key derivation function hashlib.pbkdf2_hmac from |
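
Review bot: The added entry for Issue #21766 calls this "a security hole" without saying what the CGI-script check missed while the path was still percent-encoded, so a reader of Misc/NEWS cannot judge the exposure or whether their deployment is affected. Suggest naming the consequence in the entry itself and the module behaviour that changes (paths are now URL-unquoted before the CGI check). Also note that this view is limited to Misc/NEWS, so the CGIHTTPServer change and any regression test for encoded paths cannot be reviewed from these lines.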