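Python Official Site Security Update (2021-04-02)

Intelligence source: TSRC

Published: 2021-04-02

Basic information
  • Release date: 2021-04-02
  • Detection time: 2021-04-02
  • Vulnerability type: Security update
  • Risk level: Unknown
  • Updated version: 3.9.3
  • Intelligence contributor: TSRC
Update title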

Python 3.9.3 and 3.8.9 are now available

Update details

Python 3.9.3 and 3.8.9 are now available

Those are expedited security releases, recommended to all users. Get them here:

https://www.python.org/downloads/release/python-393/
https://www.python.org/downloads/release/python-389/

Security Content
  • bpo-43631: high-severity CVE-2021-3449 and CVE-2021-3450 were published for OpenSSL, it’s been upgraded to 1.1.1k in CI, and macOS and Windows installers.
  • bpo-42988: CVE-2021-3426: Remove the getfile feature of the pydoc module which could be abused to read arbitrary files on the disk (directory traversal vulnerability). Moreover, even source code of Python modules can contain sensitive data like passwords. Vulnerability reported by David Schwörer.
  • bpo-43285: ftplib no longer trusts the IP address value returned from the server in response to the PASV command by default. This prevents a malicious FTP server from using the response to probe IPv4 address and port combinations on the client network. Code that requires the former vulnerable behavior may set a trust_server_pasv_ipv4_address attribute on their ftplib.FTP instances to True to re-enable it.
  • bpo-43439: Add audit hooks for gc.get_objects(), gc.get_referrers() and gc.get_referents(). Patch by Pablo Galindo.

Release Calendar

Due to the security fixes, those releases are made a month sooner than planned. I decided to keep the release calendar intact, meaning that the last full regular maintenance release of Python 3.8 is still planned for May 3rd 2021, after which it will shift to source releases only for security bug fixes only. Maintenance releases for the 3.9 series will continue at regular bi-monthly intervals, with 3.9.3 planned for May 3rd 2021 as well.

What’s new?

The Python 3.9 series contains many new features and optimizations over 3.8. See the “What’s New in Python 3.9” document for more information about features included in the 3.9 series.

We also have a detailed change log for 3.9.3 specifically.

Detailed information about all changes made in version 3.8.9 can be found in its respective changelog.

We hope you enjoy those new releases!

Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.

Your friendly release team,
Ned Deily @nad
Steve Dower @steve.dower
Łukasz Langa @ambv

Posted by Łukasz Langa at 1:55 PM
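
The ftplib change in the announcement above (bpo-43285), shown as an added example that is not part of the original post or of CPython's own code: it checks whether the running interpreter defaults to ignoring the PASV address, and compares the data-connection endpoint chosen with and without trust. `runtime_has_pasv_fix`, `data_endpoint`, `audit_pasv` and `SAMPLES` are hypothetical names, and the reply strings are constructed; `ftplib.parse227` and `trust_server_pasv_ipv4_address` are the standard library's.

```python
import ftplib

# Constructed samples (control-connection peer, PASV reply); not captured traffic.
SAMPLES = [
    ("203.0.113.10", "227 Entering Passive Mode (203,0,113,10,195,80)."),
    ("203.0.113.10", "227 Entering Passive Mode (10,0,0,5,0,22)."),
]


def runtime_has_pasv_fix() -> bool:
    """True when this interpreter's ftplib ignores the PASV address by default."""
    # Patched releases define the class attribute and default it to False.
    return getattr(ftplib.FTP, "trust_server_pasv_ipv4_address", None) is False


def data_endpoint(reply: str, control_peer: str, trust_server_ip: bool = False):
    """Return the (host, port) a client would open the data connection to.

    Hypothetical helper mirroring the behaviour the announcement describes:
    with trust disabled, only the port is taken from the reply and the host
    is the peer address of the control connection.
    """
    advertised_host, port = ftplib.parse227(reply)
    return (advertised_host if trust_server_ip else control_peer), port


def audit_pasv(reply: str, control_peer: str) -> dict:
    """Flag a reply whose advertised address differs from the control peer."""
    advertised_host, port = ftplib.parse227(reply)
    return {"advertised": advertised_host, "port": port,
            "mismatch": advertised_host != control_peer}


if __name__ == "__main__":
    print("default ignores PASV address:", runtime_has_pasv_fix())
    for peer, reply in SAMPLES:
        print(audit_pasv(reply, peer),
              "patched ->", data_endpoint(reply, peer),
              "legacy ->", data_endpoint(reply, peer, trust_server_ip=True))
```

A `mismatch` of True on a client that sets `trust_server_pasv_ipv4_address = True` marks a session where the data connection would go to an address the server chose rather than to the server itself.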

Software description

Python is a cross-platform computer programming language. It is an object-oriented, dynamically typed language,

CVE IDs

  • CVE-2021-3450: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450
  • CVE-2021-3426: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3426
  • CVE-2021-3449: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449

Knowsafe analysis

None yet

Industry news

None yet

Source link

https://blog.python.org/search?q=security&max-results=20&by-date=true