mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-09-30 04:15:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

[3.9] bpo-43285: Add a What's New entry for 3.9.3. (GH-24888)

Browse source 
Covers the ftplib security fix.
This commit is contained in:
Gregory P. Smith 2021-03-15 21:37:58 -07:00 committed by GitHub
parent 7dcb4baa4f
commit d0312cece9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
Doc/whatsnew/3.9.rst
View file

@ -1529,3 +1529,12 @@ separator key, with ``&`` as the default. This change also affects
functions internally. For more details, please see their respective
documentation.
(Contributed by Adam Goldschmidt, Senthil Kumaran and Ken Jin in :issue:`42967`.)
Notable changes in Python 3.9.3
===============================
A security fix alters the :class:`ftplib.FTP` behavior to not trust the
IPv4 address sent from the remote server when setting up a passive data
channel. We reuse the ftp server IP address instead. For unusual code
requiring the old behavior, set a ``trust_server_pasv_ipv4_address``
attribute on your FTP instance to ``True``. (See :issue:`43285`)