Message249880
Thank you for reporting this.
I see that the Windows browser class uses shell=True, and that is wrong from a security standpoint.
This appears to be a regression from 3.4, introduced by issue 8232. Since this is a security regression there either needs to be a fix or that changeset should be backed out. |
|
Date |
User |
Action |
Args |
2015-09-05 01:26:17 | r.david.murray | set | recipients:
+ r.david.murray, paul.moore, tim.golden, zach.ware, steve.dower, bhou |
2015-09-05 01:26:17 | r.david.murray | set | messageid: <1441416377.91.0.787267446616.issue25005@psf.upfronthosting.co.za> |
2015-09-05 01:26:17 | r.david.murray | link | issue25005 messages |
2015-09-05 01:26:17 | r.david.murray | create | |
|