bpo-42967: only use '&' as a query string separator by AdamGold · Pull Request #24297 · python/cpython

@AdamGold

bpo-42967: [security] urllib.parse.parse_qsl(): Web cache poisoning -
`;` as a query args separator

ned-deily pushed a commit that referenced this pull request

Feb 15, 2021
…H-24532)

bpo-42967: [security] Address a web cache-poisoning issue reported in
urllib.parse.parse_qsl().

urllib.parse will only use "&" as query string separator by default
instead of both ";" and "&" as allowed in earlier versions. An optional
argument separator with default value "&" is added to specify the
separator.

Co-authored-by: Éric Araujo <merwok@netwok.org>
Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com>
Co-authored-by: Adam Goldschmidt <adamgold7@gmail.com>
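
The behaviour change described in the commit message above, shown as an added example (not code from the pull request). It compares the new "&"-only default with an emulation of the earlier "&" and ";" splitting, and checks which behaviour the running interpreter has; the sample query string and all helper names are constructed for illustration.

```python
from urllib.parse import parse_qsl

# Constructed sample: one tracking parameter whose value contains ';'.
SAMPLE = "q=shoes&utm_content=x;q=boots"


def legacy_parse_qsl(qs):
    """Emulate the earlier default, where both '&' and ';' split pairs.

    Assumption: rewriting ';' to '&' before parsing reproduces the old
    splitting; percent-encoded %3B is left alone, as it was before.
    """
    return parse_qsl(qs.replace(";", "&"), keep_blank_values=True)


def strict_parse_qsl(qs):
    """The new default, spelled out: only '&' separates pairs."""
    return parse_qsl(qs, keep_blank_values=True, separator="&")


def opt_in_semicolon(qs):
    """Callers that really need ';' must now ask for it explicitly."""
    return parse_qsl(qs, keep_blank_values=True, separator=";")


def default_splits_on_semicolon():
    """True if this interpreter's parse_qsl still splits on ';' by default."""
    return len(parse_qsl("a=1;b=2")) == 2


def parsers_disagree(qs):
    """Flag a query string that the two behaviours parse differently,
    e.g. a front end splitting on '&' only and a back end using both."""
    return legacy_parse_qsl(qs) != strict_parse_qsl(qs)


if __name__ == "__main__":
    print("default still splits on ';':", default_splits_on_semicolon())
    print("strict :", strict_parse_qsl(SAMPLE))
    print("legacy :", legacy_parse_qsl(SAMPLE))
    print("parsers disagree:", parsers_disagree(SAMPLE))
```

`default_splits_on_semicolon()` uses no new keyword, so it can also be run on an interpreter that predates the fix to confirm whether an upgrade is needed.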

gentoo-bot pushed a commit to gentoo/cpython that referenced this pull request

Mar 4, 2021
…4297)  (pythonGH-24532)

Rebased for Python 2.7 by Michał Górny

kaxil mentioned this pull request

Mar 10, 2021

kaxil added a commit to astronomer/airflow that referenced this pull request

Mar 10, 2021
python/cpython#24297 change was included in
Python 3.8.8 to fix a vulnerability (bpo-42967)

Depending on which Base Python Image is run in our CI, two of the tests
can fail or succeed.

Our Previous two attempts:

- apache@061cd23
- apache@49952e7

We might for a while get a different base Python version depending on the changes in a PR (whether or not it includes a change to the Dockerfile).
a) when you have a PR which does not have changes in the Dockerfile, it will use the older Python version as base (for example Python 3.8.7)
b) when you have a PR that touches the Dockerfile and has setup.py changes in master, it should pull Python 3.8.8 first.

kaxil added a commit to apache/airflow that referenced this pull request

Mar 10, 2021

adorilson pushed a commit to adorilson/cpython that referenced this pull request

Mar 13, 2021
bpo-42967: [security] Address a web cache-poisoning issue reported in urllib.parse.parse_qsl().

urllib.parse will only use "&" as query string separator by default instead of both ";" and "&" as allowed in earlier versions. An optional argument separator with default value "&" is added to specify the separator.


Co-authored-by: Éric Araujo <merwok@netwok.org>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com>
Co-authored-by: Éric Araujo <merwok@netwok.org>

kaxil added a commit to apache/airflow that referenced this pull request

Mar 19, 2021
(cherry picked from commit ffe3bd2)

raspbian-autopush pushed a commit to raspbian-packages/python3.5 that referenced this pull request

Apr 8, 2021

ashb pushed a commit to apache/airflow that referenced this pull request

Apr 15, 2021
(cherry picked from commit ffe3bd2)

leahecole pushed a commit to GoogleCloudPlatform/composer-airflow that referenced this pull request

Sep 16, 2021
(cherry picked from commit ffe3bd29574d62a0a692cd8f63995856bbff8c0b)

GitOrigin-RevId: 4033041ab9a8806c139c6dc3e9b77f3818aca962

leahecole pushed a commit to GoogleCloudPlatform/composer-airflow that referenced this pull request

Sep 17, 2021
GitOrigin-RevId: ffe3bd29574d62a0a692cd8f63995856bbff8c0b

leahecole pushed a commit to GoogleCloudPlatform/composer-airflow that referenced this pull request

Sep 23, 2021
GitOrigin-RevId: ffe3bd29574d62a0a692cd8f63995856bbff8c0b

raspbian-autopush pushed a commit to raspbian-packages/python3.5 that referenced this pull request

Nov 4, 2021

leahecole pushed a commit to GoogleCloudPlatform/composer-airflow that referenced this pull request

Nov 27, 2021
GitOrigin-RevId: ffe3bd29574d62a0a692cd8f63995856bbff8c0b

leahecole pushed a commit to GoogleCloudPlatform/composer-airflow that referenced this pull request

Mar 10, 2022
GitOrigin-RevId: ffe3bd29574d62a0a692cd8f63995856bbff8c0b

leahecole pushed a commit to GoogleCloudPlatform/composer-airflow that referenced this pull request

Jun 4, 2022
GitOrigin-RevId: ffe3bd29574d62a0a692cd8f63995856bbff8c0b

kosteev pushed a commit to GoogleCloudPlatform/composer-airflow that referenced this pull request

Jul 9, 2022
GitOrigin-RevId: ffe3bd29574d62a0a692cd8f63995856bbff8c0b

leahecole pushed a commit to GoogleCloudPlatform/composer-airflow that referenced this pull request

Aug 27, 2022
GitOrigin-RevId: ffe3bd29574d62a0a692cd8f63995856bbff8c0b

leahecole pushed a commit to GoogleCloudPlatform/composer-airflow that referenced this pull request

Oct 4, 2022
GitOrigin-RevId: ffe3bd29574d62a0a692cd8f63995856bbff8c0b

aglipska pushed a commit to GoogleCloudPlatform/composer-airflow that referenced this pull request

Oct 7, 2022
GitOrigin-RevId: ffe3bd29574d62a0a692cd8f63995856bbff8c0b

leahecole pushed a commit to GoogleCloudPlatform/composer-airflow that referenced this pull request

Dec 7, 2022
GitOrigin-RevId: ffe3bd29574d62a0a692cd8f63995856bbff8c0b

leahecole pushed a commit to GoogleCloudPlatform/composer-airflow that referenced this pull request

Jan 27, 2023
GitOrigin-RevId: ffe3bd29574d62a0a692cd8f63995856bbff8c0b