This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author kj
Recipients AdamGold, kj, lemburg, serhiy.storchaka, vstinner
Date 2021-01-20.16:06:29
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1611158790.09.0.212553831731.issue42967@roundup.psfhosted.org>
In-reply-to
Content 
FWIW, a surprising amount of things rely on treating ';' as a valid separator in the standard test suite.

From just a cursory look:

test_cgi
test_urlparse

A change in the public API of urlparse will also require a change in cgi.py's FieldStorage, FieldStorage.read_multi, parse and parse_multipart to expose that parameter since those functions forward arguments directly to urllib.parse.parse_qs internally.

If we backport this, it seems that we will *also* need to backport all those changes to cgi's public API. Otherwise, just backporting the security fix part without allowing the user to switch would break existing code.

Just my 2 cents on the issue. I'm not too familiar with security fixes in cpython anyways ;).
History
Date User Action Args
2021-01-20 16:06:30kjsetrecipients: + kj, lemburg, vstinner, serhiy.storchaka, AdamGold
2021-01-20 16:06:30kjsetmessageid: <1611158790.09.0.212553831731.issue42967@roundup.psfhosted.org>
2021-01-20 16:06:30kjlinkissue42967 messages
2021-01-20 16:06:29kjcreate