Message 291213 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	vstinner
Recipients	ezio.melotti, malin, vstinner, xiang.zhang
Date	2017-04-06.06:54:09
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1491461649.78.0.446433582025.issue29990@psf.upfronthosting.co.za>
In-reply-to

Content
An incorrect implementation of a decoder might lead to security vulnerabilities: http://unicodebook.readthedocs.io/issues.html#security-vulnerabilities But UTF-8 decoder of Python 2 is not strict and nobody complained. I suggest that, once the changed is merged in master, backport the fix to 3.6 and 3.5. But I'm not sure that it's worth it to backport it to 2.7? Is there a risk to break an application?

An incorrect implementation of a decoder might lead to security vulnerabilities:
http://unicodebook.readthedocs.io/issues.html#security-vulnerabilities

*But* UTF-8 decoder of Python 2 is *not* strict and nobody complained.

I suggest that, once the changed is merged in master, backport the fix to 3.6 and 3.5.

But I'm not sure that it's worth it to backport it to 2.7? Is there a risk to break an application?

History
Date	User	Action	Args
2017-04-06 06:54:09	vstinner	set	recipients: + vstinner, ezio.melotti, malin, xiang.zhang
2017-04-06 06:54:09	vstinner	set	messageid: <1491461649.78.0.446433582025.issue29990@psf.upfronthosting.co.za>
2017-04-06 06:54:09	vstinner	link	issue29990 messages
2017-04-06 06:54:09	vstinner	create