This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients ezio.melotti, malin, vstinner, xiang.zhang
Date 2017-04-06.06:54:09
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
An incorrect implementation of a decoder might lead to security vulnerabilities:

*But* UTF-8 decoder of Python 2 is *not* strict and nobody complained.

I suggest that, once the changed is merged in master, backport the fix to 3.6 and 3.5.

But I'm not sure that it's worth it to backport it to 2.7? Is there a risk to break an application?
Date User Action Args
2017-04-06 06:54:09vstinnersetrecipients: + vstinner, ezio.melotti, malin, xiang.zhang
2017-04-06 06:54:09vstinnersetmessageid: <>
2017-04-06 06:54:09vstinnerlinkissue29990 messages
2017-04-06 06:54:09vstinnercreate