cpython/Lib
Miss Islington (bot) d849cf5fec
[3.12] gh-119452: Fix a potential virtual memory allocation denial of service in http.server (GH-142216) (#142297)
[3.14] gh-119452: Fix a potential virtual memory allocation denial of service in http.server (GH-142216)

The CGI server on Windows could consume the amount of memory specified
in the Content-Length header of the request even if the client does not
send that much data. Now it reads the POST request body in chunks,
therefore the memory consumption is proportional to the amount of sent
data.
(cherry picked from commit 0e4f4f1a46)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
2025-12-15 15:11:38 +01:00
..
__phello__
asyncio [3.12] gh-131325: fix sendfile fallback implementation to drain data after writing to transport (GH-131376) (#131378) 2025-03-17 19:40:43 +00:00
collections [3.12] Fix outdated reference link in collections module (gh-130349) (gh-130387) 2025-02-21 00:15:48 +00:00
concurrent [3.12] gh-88110: Clear concurrent.futures.thread._threads_queues after fork to avoid joining parent process' threads (GH-126098) (GH-127164) 2024-11-30 09:05:46 +00:00
ctypes [3.12] gh-87969: Align docs and docstrings with implementation for ctypes' [w]string_at() (GH-25384) (GH-118046) 2024-04-19 13:23:26 +02:00
curses gh-60436: fix curses textbox backspace/del (#103783) 2023-04-26 22:54:07 +02:00
dbm
email [3.12] gh-121284: Fix email address header folding with parsed encoded-word (GH-122754) (#131404) 2025-03-18 15:35:32 -04:00
encodings gh-98433: Fix quadratic time idna decoding. (#99092) 2022-11-07 16:54:41 -08:00
ensurepip [3.12] gh-129583: update bundled pip to 25.0.1 (GH-129909) (#129947) 2025-03-03 17:46:07 +02:00
html [3.12] gh-137836: Support more RAWTEXT and PLAINTEXT elements in HTMLParser (GH-137837) (GH-140842) (GH-140850) 2025-10-31 17:57:28 +01:00
http [3.12] gh-119452: Fix a potential virtual memory allocation denial of service in http.server (GH-142216) (#142297) 2025-12-15 15:11:38 +01:00
idlelib [3.12] gh-69001: Convert links to more usable buttons (GH-129591) (#130339) 2025-02-20 08:49:51 +00:00
importlib [3.12] gh-116608: undeprecate functional importlib.resources API (#132206) 2025-04-08 10:36:29 +02:00
json [3.12] gh-132021: Add bool type to the list of allowed JSON key types (GH-132048) (#132256) 2025-04-08 08:43:45 +00:00
lib2to3
logging [3.12] gh-127712: Fix secure argument of logging.handlers.SMTPHandler (GH-127726) (GH-129956) 2025-02-10 14:29:57 +00:00
msilib
multiprocessing [3.12] gh-88887: Cleanup multiprocessing.resource_tracker.ResourceTracker upon deletion (GH-130429) (#131530) 2025-03-21 11:15:35 +01:00
pydoc_data Python 3.12.12 2025-10-09 13:07:00 +02:00
re [3.12] gh-126505: Fix bugs in compiling case-insensitive character classes (GH-126557) (GH-126690) 2024-11-11 16:47:37 +00:00
site-packages
sqlite3 [3.12] gh-118221: Always use the default row factory in sqlite3.iterdump() (#118223) (#118270) 2024-04-25 08:33:35 +00:00
test [3.12] gh-119452: Fix a potential virtual memory allocation denial of service in http.server (GH-142216) (#142297) 2025-12-15 15:11:38 +01:00
tkinter [3.12] gh-128562: Fix generation of the tkinter widget names (GH-128604) (GH-128792) 2025-01-13 18:23:53 +02:00
tomllib
turtledemo [3.12] [3.13] gh-123370: Fix the canvas not clearing after running turtledemo.clock (gh-123457) (GH-125653) (#125656) 2024-10-17 17:09:05 +00:00
unittest [3.12] bpo-46128: Strip IsolatedAsyncioTestCase frames from reported stacktraces (GH-30196) (#126771) 2024-11-13 09:20:47 +00:00
urllib [3.12] gh-105704: Disallow square brackets ([ and ]) in domain names for parsed URLs (GH-129418) (GH-129527) 2025-02-02 08:30:28 +00:00
venv [3.12] gh-112507: Detect Cygwin and MSYS with uname instead of $OSTYPE (GH-112508) (GH-130674) 2025-02-28 09:23:45 +00:00
wsgiref bpo-45975: Simplify some while-loops with walrus operator (GH-29347) 2022-11-26 14:33:25 -08:00
xml [3.12] gh-128302: Fix bugs in xml.dom.xmlbuilder (GH-128284) (#128583) 2025-01-11 13:30:29 +02:00
xmlrpc bpo-45975: Simplify some while-loops with walrus operator (GH-29347) 2022-11-26 14:33:25 -08:00
zipfile [3.12] gh-139700: Check consistency of the zip64 end of central directory record (GH-139702) (GH-139708) (GH-139712) 2025-10-08 13:46:28 +02:00
zoneinfo [3.12] gh-106233: Fix stacklevel in zoneinfo.InvalidTZPathWarning (GH-106234) (GH-115081) 2024-02-06 13:26:39 +00:00
__future__.py gh-93626: Set the release for __future__.annotations to None (GH-93628) 2022-07-05 10:46:39 +02:00
__hello__.py
_aix_support.py gh-96305: Fix AIX build by avoiding subprocess during bootstrap (#96429) 2023-02-02 12:30:49 -08:00
_collections_abc.py [3.12] gh-116938: Clarify documentation of dict and dict.update regarding the positional argument they accept (GH-125213) (#125337) 2024-10-11 23:23:54 +00:00
_compat_pickle.py
_compression.py
_markupbase.py
_osx_support.py [3.12] gh-102362: Fix macOS version number in result of sysconfig.get_platform() (GH-112942) (#113264) 2023-12-19 19:51:17 +01:00
_py_abc.py
_pydatetime.py gh-130959: Reject whitespace in fractions, in pure Python fromisoformat() (GH-130962) (GH-131076) (#131086) 2025-03-11 12:00:06 +00:00
_pydecimal.py [3.12] Fix typos in Lib/_pydecimal.py (GH-127700) (#127888) 2024-12-12 20:45:20 +00:00
_pyio.py [3.12] gh-95782: Fix io.BufferedReader.tell() etc. being able to return offsets < 0 (GH-99709) (GH-115599) 2024-02-17 14:56:00 +02:00
_pylong.py [3.12] gh-118164: Break a loop between _pydecimal and _pylong and optimize int to str conversion (GH-118483) (GH-118590) 2024-05-06 12:10:05 +03:00
_sitebuiltins.py
_strptime.py [3.12] gh-127552: Remove comment questioning 4-digit restriction for ‘Y’ in datetime.strptime patterns (GH-127590) (#127649) 2024-12-10 09:20:54 +01:00
_threading_local.py
_weakrefset.py
abc.py gh-87864: Use correct function definition syntax in the docs (#103312) 2023-04-11 16:50:25 +03:00
aifc.py
antigravity.py
argparse.py [3.12] gh-125355: Rewrite parse_intermixed_args() in argparse (GH-125356) (GH-125839) 2024-10-22 13:23:30 +00:00
ast.py [3.12] gh-127975: Avoid reusing quote types in ast.unparse if not needed (GH-127980) (#129601) 2025-02-02 22:58:22 +00:00
base64.py [3.12] Clarify base64.a85encode docs: *wrapcols* doesn't count the newline (GH-119409) (GH-119482) 2024-05-28 16:55:43 +02:00
bdb.py [3.12] gh-58956: Set f_trace on frames with breakpoints after setting a new breakpoint (GH-124454) (#125549) 2025-01-25 15:12:19 -05:00
bisect.py GH-102833: Mention the key function in the docstrings (GH-103009) 2023-03-25 02:19:20 -05:00
bz2.py
calendar.py [3.12] gh-126476: Raise IllegalMonthError for calendar.formatmonth() when the input month is not correct (GH-126484) (GH-126878) 2024-11-15 15:20:10 -08:00
cgi.py
cgitb.py
chunk.py
cmd.py
code.py [3.12] gh-122478: Remove internal frames from tracebacks in REPL (GH-122528) (GH-122816) 2024-08-23 09:27:03 +03:00
codecs.py [3.12] gh-50644: Forbid pickling of codecs streams (GH-109180) (#109231) 2023-10-02 16:55:52 +02:00
codeop.py [3.12] gh-111366: Correctly show custom syntax error messages in the codeop module functions (GH-111384). (#111517) 2023-10-30 19:53:01 +00:00
colorsys.py [3.12] gh-121905: Consistently use "floating-point" instead of "floating point" (GH-121907) (GH-122013) 2024-07-19 09:08:33 +00:00
compileall.py GH-84559: Deprecate fork being the multiprocessing default. (#100618) 2023-02-02 15:50:35 -08:00
configparser.py [3.12] gh-116957: configparser: Do post-process values after DuplicateOptionError (GH-116958) (GH-117013) 2024-03-19 18:18:50 +01:00
contextlib.py [3.12] gh-103791: handle BaseExceptionGroup in contextlib.suppress() (GH-111910) (#111955) 2023-11-10 14:00:48 +00:00
contextvars.py [3.12] gh-126451: Revert backports of ABC registrations for contextvars.Context and multiprocessing proxies (#126735) 2024-11-12 12:26:23 +00:00
copy.py gh-100815: Normalize types module usage in copy module (#100816) 2023-01-07 21:29:53 +00:00
copyreg.py gh-99325: Remove unused NameError handling (#99326) 2022-11-11 09:56:57 +00:00
cProfile.py gh-103935: Use io.open_code() when executing code in trace and profile modules (GH-103947) 2023-04-27 20:29:35 +00:00
crypt.py gh-95231: Disable md5 & crypt modules if FIPS is enabled (GH-94742) 2022-08-15 07:48:07 -07:00
csv.py gh-67230: add quoting rules to csv module (GH-29469) 2023-04-12 15:32:30 -07:00
dataclasses.py [3.12] gh-123935: Fix typo in _get_slots in dataclasses.py (GH-123941) (#123992) 2024-09-12 07:48:01 +00:00
datetime.py [3.12] gh-84976: Add back UTC to datetime.__all__ (GH-104920) (#106019) 2023-06-26 20:41:52 -07:00
decimal.py [3.12] gh-121905: Consistently use "floating-point" instead of "floating point" (GH-121907) (GH-122013) 2024-07-19 09:08:33 +00:00
difflib.py [3.12] gh-131204: Fix difflib.HtmlDiff may not use monospaced font (GH-131221) (#131243) 2025-03-14 12:23:39 +00:00
dis.py [3.12] gh-127637: add tests for dis command-line interface (#127759) (#127780) 2025-01-18 12:01:56 +01:00
doctest.py [3.12] gh-117692: Fix AttributeError in DocTestFinder on wrapped builtin_or_method (GH-117699) (#117708) 2024-04-10 14:17:15 +00:00
enum.py [3.12] gh-131045: [Enum] fix flag containment checks when using values (GH-131053) (#131232) 2025-03-24 10:31:24 +01:00
filecmp.py [3.12] gh-122400: Handle ValueError in filecmp (GH-122401) (GH-122442) 2024-07-30 09:07:06 +00:00
fileinput.py gh-101961 fileinput.hookcompressed should not set the encoding value for the binary mode (gh-102068) 2023-02-21 12:10:29 +09:00
fnmatch.py
fractions.py [3.12] gh-119189: Fix the power operator for Fraction (GH-119242) (GH-119835) 2024-07-16 10:44:05 +03:00
ftplib.py [3.12] gh-114241: Fix and improve the ftplib CLI (GH-114242) (GH-114404) 2024-01-21 20:48:12 +00:00
functools.py [3.12] gh-127537: Add __class_getitem__ to the python implementation of functools.partial (#127537) (#128282) 2024-12-27 01:25:07 +00:00
genericpath.py [3.12] gh-135034: Normalize link targets in tarfile, add os.path.realpath(strict='allow_missing') (GH-135037) (GH-135066) 2025-06-03 16:00:21 +02:00
getopt.py
getpass.py
gettext.py [3.12] gh-110519: Improve deprecation warning in the gettext module (GH-110520) (GH-110563) 2023-10-09 16:27:01 +02:00
glob.py [3.12] gh-79382: Fix recursive glob() with trailing "**" (GH-115134) (GH-115290) 2024-02-11 10:57:40 +00:00
graphlib.py [3.12] gh-129892: Doc: Remove unnecessary role directive in graphlib.py (GH-129896) (#129905) 2025-02-09 15:39:23 +00:00
gzip.py [3.12] gh-131492, gh-131461: handle exceptions in GzipFile constructor while owning resources (GH-131462) (#131519) 2025-03-21 11:21:40 +01:00
hashlib.py gh-99108: Refactor _sha256 & _sha512 into _sha2. (#101924) 2023-02-15 22:08:20 -08:00
heapq.py
hmac.py [3.12] gh-112999: Replace the outdated "deprecated" directives with "versionchanged" (GH-113000) (GH-113019) 2023-12-12 17:20:51 +00:00
imaplib.py [3.12] gh-119511: Fix a potential denial of service in imaplib (GH-119514) (GH-129356) 2025-01-27 14:06:14 -08:00
imghdr.py gh-85455: Add missing doc strings and improve docs (#21573) 2022-10-15 09:31:06 -04:00
inspect.py [3.12] gh-130164: Fix inspect.Signature.bind() handling of positional-only args without defaults (GH-130192) (GH-132259) 2025-04-08 09:39:45 +00:00
io.py gh-111356: io: Add missing documented objects to io.__all__ (GH-111370) 2023-11-10 07:37:19 +00:00
ipaddress.py [3.12] gh-128840: Fix parsing long IPv6 addresses with embedded IPv4 address (GH-134836) (GH-134847) 2025-06-03 16:25:28 +02:00
keyword.py gh-103763: Implement PEP 695 (#103764) 2023-05-15 20:36:23 -07:00
linecache.py [3.12] gh-126775: make linecache.checkcache threadsafe and GC re-entrency safe (GH-126776) (#127779) 2024-12-10 08:02:22 +00:00
locale.py [3.12] gh-91565: Replace bugs.python.org links with Devguide/GitHub ones (GH-91568) (GH-117890) 2024-04-15 12:59:34 +00:00
lzma.py
mailbox.py [3.12] gh-117467: Add preserving of mailbox owner on flush (GH-117510) (GH-117537) 2024-04-04 10:55:42 +00:00
mailcap.py bpo-45975: Simplify some while-loops with walrus operator (GH-29347) 2022-11-26 14:33:25 -08:00
mimetypes.py [3.12] gh-101137: Add text/x-rst to mimetypes (GH-118593) (GH-118599) 2025-04-08 12:40:41 +02:00
modulefinder.py
netrc.py
nntplib.py
ntpath.py [3.12] gh-136065: Fix quadratic complexity in os.path.expandvars() (GH-134952) (GH-140847) 2025-10-31 17:50:42 +01:00
nturl2path.py [3.12] GH-127078: url2pathname(): handle extra slash before UNC drive in URL path (GH-127132) (#127136) 2024-11-22 04:37:51 +00:00
numbers.py gh-68163: Correct conversion of Rational instances to float (GH-25619) 2022-09-04 13:15:59 +01:00
opcode.py gh-103865: add monitoring support to LOAD_SUPER_ATTR (#103866) 2023-05-16 10:29:00 -06:00
operator.py
optparse.py
os.py [3.12] gh-127541: Update os.walk example (GH-127765) (#131873) 2025-03-29 10:34:35 +00:00
pathlib.py [3.12] GH-125069: Fix inconsistent joining in WindowsPath(PosixPath(...)) (GH-125156) (#125410) 2024-10-13 18:18:41 +00:00
pdb.py [3.12] gh-58956: Fix a frame refleak in bdb (GH-128190) (#128953) 2025-01-17 14:19:37 -05:00
pickle.py [3.12] gh-126489: Do not call persistent_id() for a persistent id in Python pickle (GH-126490) (GH-126516) 2024-11-06 21:11:37 +00:00
pickletools.py [3.12] gh-126997: Fix support of non-ASCII strings in pickletools (GH-127062) (GH-127095) 2024-11-21 11:32:16 +00:00
pipes.py
pkgutil.py gh-97850: Deprecate find_loader and get_loader in pkgutil (GH-98520) 2023-05-03 16:11:54 -07:00
platform.py gh-127732: Add Windows Server 2025 detection to platform module (GH-127733) 2024-12-09 12:42:37 +00:00
plistlib.py gh-101992: update pstlib module documentation (#102133) 2023-03-04 13:35:25 -08:00
poplib.py [3.12] gh-130637: Add validation for numeric response data in stat() method (GH-130646) (#130764) 2025-03-02 15:05:46 -05:00
posixpath.py [3.12] gh-136065: Fix quadratic complexity in os.path.expandvars() (GH-134952) (GH-140847) 2025-10-31 17:50:42 +01:00
pprint.py [3.12] [pprint]: Add docstring about PrettyPrinter.underscore_numbers parameter (GH-112963) (#113053) 2023-12-13 12:38:07 +00:00
profile.py gh-103935: Use io.open_code() when executing code in trace and profile modules (GH-103947) 2023-04-27 20:29:35 +00:00
pstats.py [3.12] gh-121905: Consistently use "floating-point" instead of "floating point" (GH-121907) (GH-122013) 2024-07-19 09:08:33 +00:00
pty.py gh-96522: Fix deadlock in pty.spawn (#96639) 2023-05-19 13:22:43 +00:00
py_compile.py
pyclbr.py
pydoc.py [3.12] gh-128772: Fix pydoc for methods with __module__ is None (GH-129177) (GH-129654) 2025-02-04 14:44:02 +00:00
queue.py
quopri.py bpo-45975: Simplify some while-loops with walrus operator (GH-29347) 2022-11-26 14:33:25 -08:00
random.py [3.12] gh-130285: Fix handling of zero or empty counts in random.sample() (gh-130291) (gh-130417) 2025-02-21 17:48:46 +00:00
reprlib.py [3.12] gh-113570: reprlib.repr does not use builtin __repr__ for reshadowed builtins (GH-113577) (GH-125655) 2024-10-17 16:59:01 +00:00
rlcompleter.py
runpy.py [3.12] gh-99437: runpy: decode path-like objects before setting globals (#114838) 2024-08-12 11:22:13 +03:00
sched.py [3.12] gh-121905: Consistently use "floating-point" instead of "floating point" (GH-121907) (GH-122013) 2024-07-19 09:08:33 +00:00
secrets.py gh-99305: Speed up secrets.token_hex() ~2x (#99306) 2022-11-11 14:45:24 -08:00
selectors.py [3.12] gh-110038: KqueueSelector must count all read/write events (GH-110039) (#110043) 2023-10-02 17:42:55 +02:00
shelve.py
shlex.py bpo-45975: Simplify some while-loops with walrus operator (GH-29347) 2022-11-26 14:33:25 -08:00
shutil.py [3.12] gh-127001: Fix PATHEXT issues in shutil.which() on Windows (GH-127035) (GH-127158) 2024-11-22 16:33:50 +00:00
signal.py [3.12] gh-112559: Avoid unnecessary conversion attempts to enum_klass in signal.py (GH-113040) (#113443) 2023-12-23 18:09:59 -08:00
site.py [3.12] gh-126911: Update credits output (GH-126913) (#126974) 2024-11-18 15:58:22 +00:00
smtplib.py bpo-45975: Simplify some while-loops with walrus operator (GH-29347) 2022-11-26 14:33:25 -08:00
sndhdr.py gh-85525: Indicate supported sound header formats (#21575) 2022-10-15 09:30:05 -04:00
socket.py [3.12] gh-128916: Do not set SO_REUSEPORT on non-AF_INET* sockets (GH-128933) (#128970) 2025-01-18 01:06:45 +00:00
socketserver.py [3.12] gh-128916: Do not set SO_REUSEPORT on non-AF_INET* sockets (GH-128933) (#128970) 2025-01-18 01:06:45 +00:00
sre_compile.py
sre_constants.py
sre_parse.py
ssl.py [3.12] gh-79846: Make ssl.create_default_context() ignore invalid certificates (GH-91740) (#122769) 2024-08-09 12:55:36 -04:00
stat.py
statistics.py [3.12] gh-121905: Consistently use "floating-point" instead of "floating point" (GH-121907) (GH-122013) 2024-07-19 09:08:33 +00:00
string.py
stringprep.py
struct.py
subprocess.py [3.12] gh-118761: Revert "Improve import time of subprocess (GH-129427)" (GH-130201) (#130205) 2025-02-16 18:56:18 +00:00
sunau.py
symtable.py [3.12] gh-119698: fix a special case in symtable.Class.get_methods (GH-121802) (#121910) 2024-07-17 22:32:29 +00:00
sysconfig.py [3.12] GH-92897: schedule the check_home deprecation to 3.15 (GH-129102) (#130585) 2025-02-27 18:17:08 +00:00
tabnanny.py [3.12] gh-120495: Fix incorrect exception handling in Tab Nanny (GH-120498) (#120549) 2024-06-15 11:21:05 +00:00
tarfile.py [3.12] gh-130577: tarfile now validates archives to ensure member offsets are non-negative (GH-137027) (#137171) 2025-08-04 13:45:06 +02:00
telnetlib.py [3.12] gh-118042: Fix error in Telnet.__del__ when __init__() was not called (GH-118274) 2024-04-26 08:53:54 +03:00
tempfile.py [3.12] gh-127371 Avoid unbounded growth SpooledTempfile.writelines (GH-127372) (#130885) 2025-03-05 18:42:35 +01:00
textwrap.py
this.py
threading.py [3.12] gh-129403: Fix ValueError messages in asyncio.Barrier and threading.Barrier (GH-129419) (#129469) 2025-01-30 08:28:06 +00:00
timeit.py [3.12] gh-105052:update timeit function's description (GH-105060) (#108534) 2023-08-27 16:15:01 +02:00
token.py [3.12] gh-127303: Add docs for token.EXACT_TOKEN_TYPES (GH-127304) (#127391) 2024-11-29 09:22:27 +00:00
tokenize.py [3.12] gh-125553: Fix backslash continuation in untokenize (GH-126010) (#130579) 2025-02-27 21:57:13 +00:00
trace.py [3.12] gh-103956: Fix trace output in case of missing source line (GH-103958) (GH-118832) 2024-05-09 12:51:03 +00:00
traceback.py [3.12] gh-130250: fix regression in traceback.print_last (GH-130318) (#130326) 2025-02-19 22:01:32 +00:00
tracemalloc.py
tty.py [3.12] gh-114328: tty cbreak mode should not alter ICRNL (GH-114335) (#114410) 2024-01-21 23:41:03 +00:00
turtle.py [3.12] Fix print usage in turtle doctests (GH-122940) (#122978) 2024-08-13 16:58:37 +00:00
types.py [3.12] gh-107576: Ensure __orig_bases__ are our own in get_original_bases (GH-107584) (#107592) 2023-08-03 17:07:43 +02:00
typing.py [3.12] gh-88834: Unify the instance check for typing.Union and types.UnionType (GH-128363) (GH-128371) 2024-12-31 08:19:45 +00:00
uu.py gh-99889: Fix directory traversal security flaw in uu.decode() (#104096) 2023-05-09 16:01:58 +00:00
uuid.py gh-104396: uuid.py to skip platform check for emscripten and wasi (gh-104397) 2023-05-12 07:45:55 +09:00
warnings.py [3.12] gh-129843: fix pure Python implementation of warnings.warn_explicit (GH-129848) (#131350) 2025-03-17 12:19:09 +01:00
wave.py [3.12] gh-105096: Reformat wave documentation (#105136) (#105138) 2023-05-31 12:04:21 +00:00
weakref.py
webbrowser.py [3.12] gh-123494: Improve documentation for `webbrowser` return types (GH-123495) (#123549) 2024-09-01 05:36:18 +00:00
xdrlib.py bpo-45975: Simplify some while-loops with walrus operator (GH-29347) 2022-11-26 14:33:25 -08:00
zipapp.py
zipimport.py [3.12] gh-121735: Fix module-adjacent references in zip files (gh-123037) (#124011) 2024-09-24 10:19:43 -07:00