This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients orsenthil, serhiy.storchaka, vstinner, yetingli
Date 2021-04-07.10:59:29
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
> header = '' + ',' * (10 ** 5)

I guess that a more generic protection against future attacks would be to limit the maximum length of a HTTP header. 100,000 characters for a HTTP Basic authentification does not sound reasonable.

But for now, let's fix the regex.
Date User Action Args
2021-04-07 10:59:29vstinnersetrecipients: + vstinner, orsenthil, serhiy.storchaka, yetingli
2021-04-07 10:59:29vstinnersetmessageid: <>
2021-04-07 10:59:29vstinnerlinkissue43075 messages
2021-04-07 10:59:29vstinnercreate