This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author lukasz.langa
Recipients Joel Croteau, Julian, christian.heimes, docs@python, eric.smith, gc2, lukasz.langa, mgorny, ncoghlan, ned.deily, pmoody, serhiy.storchaka, steve.dower, vstinner
Date 2021-05-02.10:01:01
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1619949661.97.0.667887068663.issue36384@roundup.psfhosted.org>
In-reply-to
Content 
Due to the relative obscurity of the bug and potential disruption of the fix, I decided not to include it in 3.8.

However, Michał's argument about 3.10 not being released for another five months is resonating with me and so we will be backporting the change to 3.9.5, to be released tomorrow. Victor's argument about opt-ins being a bad way to fix security also makes sense, although let me point out that we've made decisions the other way in the past as well, for instance with hash randomization.

In any case, the issue will be solved in Python 3.10.0 Beta 1 and Python 3.9.5. Having the fixed behavior "in 3.9.5 and newer" makes for easy mechanical checks whether a given version is affected.
History
Date User Action Args
2021-05-02 10:01:02lukasz.langasetrecipients: + lukasz.langa, ncoghlan, vstinner, eric.smith, christian.heimes, ned.deily, pmoody, docs@python, mgorny, Julian, serhiy.storchaka, steve.dower, Joel Croteau, gc2
2021-05-02 10:01:01lukasz.langasetmessageid: <1619949661.97.0.667887068663.issue36384@roundup.psfhosted.org>
2021-05-02 10:01:01lukasz.langalinkissue36384 messages
2021-05-02 10:01:01lukasz.langacreate