cpython

mirror of https://github.com/python/cpython.git synced 2025-12-08 06:10:17 +00:00

History

Tommaso Bona 31d3836f26 gh-138158: Use the `"data"` tarfile extraction filter in `Tools/ssl/multissltests.py` (#138147 ) The `Tools/ssl/multissltests.py` script may extract a possibly untrusted tarball. Since the script does not necessarily use Python 3.14 or later (where the `"data"` filter became the default `tarfile` extraction filter), the user may theoretically suffer from a path traversal attack. Although the script should not be used in production and usually relies on downloading trusted sources, the `"data"` extraction filter is now explicitly used wherever relevant.	2025-08-30 12:27:32 +02:00
..
make_ssl_data.py	gh-131423: update note in `Tools/ssl/make_ssl_data.py` (#133077 )	2025-04-28 11:11:46 +00:00
multissltests.py	gh-138158: Use the `"data"` tarfile extraction filter in `Tools/ssl/multissltests.py` (#138147 )	2025-08-30 12:27:32 +02:00

gh-138158: Use the "data" tarfile extraction filter in Tools/ssl/multissltests.py (#138147 )

The `Tools/ssl/multissltests.py` script may extract a possibly untrusted tarball.
Since the script does not necessarily use Python 3.14 or later (where the `"data"`
filter became the default `tarfile` extraction filter), the user may theoretically
suffer from a path traversal attack.

Although the script should not be used in production and usually relies on downloading
trusted sources, the `"data"` extraction filter is now explicitly used wherever relevant.

2025-08-30 12:27:32 +02:00

make_ssl_data.py gh-131423: update note in Tools/ssl/make_ssl_data.py (#133077 ) 2025-04-28 11:11:46 +00:00

multissltests.py gh-138158: Use the "data" tarfile extraction filter in Tools/ssl/multissltests.py (#138147 ) 2025-08-30 12:27:32 +02:00