[Python-checkins] [3.13] gh-118658: Return consistent types from `get_un/verified_chain` in `SSLObject` and `SSLSocket` (GH-118669) (#123082)

https://github.com/python/cpython/commit/21399a096302ea577efd9a12c2f08b4458d095bd commit: 21399a096302ea577efd9a12c2f08b4458d095bd branch: 3.13 author: Miss Islington (bot) <[email protected]> committer: sethmlarson date: 2024-08-19T10:39:28-05:00 summary:

[Python-checkins] [3.13] gh-131261: Update libexpat to 2.7.0 (CVE-2024-8176)

https://github.com/python/cpython/commit/6af54d298d5135302037cdda7a1f5535e48cb1b6 commit: 6af54d298d5135302037cdda7a1f5535e48cb1b6 branch: 3.13 author: Petr Viktorin committer: sethmlarson date: 2025-03-17T09:44:28-05:00 summary: [3.13] gh-131261: Update libexpat to 2.7.0 (CVE-2024-8176

[Python-checkins] [3.12] gh-139330: Check expat version/checksum in SBOM with refresh.sh

https://github.com/python/cpython/commit/ade85bc5f4092723383885079742d8d4fdf74f1c commit: ade85bc5f4092723383885079742d8d4fdf74f1c branch: 3.12 author: Seth Michael Larson committer: sethmlarson date: 2025-09-26T17:23:04Z summary: [3.12] gh-139330: Check expat version/checksum in SBOM with

[Python-checkins] gh-139330: Check expat version/checksum in SBOM with refresh.sh

https://github.com/python/cpython/commit/89b5571025a5316ea3855c8e595a5f3c3ae11f8f commit: 89b5571025a5316ea3855c8e595a5f3c3ae11f8f branch: main author: Seth Michael Larson committer: sethmlarson date: 2025-09-25T17:13:45Z summary: gh-139330: Check expat version/checksum in SBOM with refresh.sh

[Python-checkins] [3.13] gh-139330: Check expat version/checksum in SBOM with refresh.sh

https://github.com/python/cpython/commit/11d6c460b86f0d9dfa1bca2d8496c4c700f15e1c commit: 11d6c460b86f0d9dfa1bca2d8496c4c700f15e1c branch: 3.13 author: Miss Islington (bot) <[email protected]> committer: sethmlarson date: 2025-09-25T18:05:09Z summary: [3.

[Python-checkins] [3.14] gh-139330: Check expat version/checksum in SBOM with refresh.sh

https://github.com/python/cpython/commit/7519ac294fc5c4fd7fb9cb8dc0edc960688cf887 commit: 7519ac294fc5c4fd7fb9cb8dc0edc960688cf887 branch: 3.14 author: Miss Islington (bot) <[email protected]> committer: sethmlarson date: 2025-09-25T18:30:14Z summary: [3.

[Python-checkins] gh-143916: Allow HTAB in wsgiref header values

https://github.com/python/cpython/commit/66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6 commit: 66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6 branch: main author: Seth Michael Larson committer: sethmlarson date: 2026-02-12T20:40:21Z summary: gh-143916: Allow HTAB in wsgiref header values Co-authored-by

[Python-checkins] [3.13] gh-74453: Add stronger security warning to os.path.commonprefix

https://github.com/python/cpython/commit/5e888993e42b7791219e4d19dbec5043dbbf880e commit: 5e888993e42b7791219e4d19dbec5043dbbf880e branch: 3.13 author: Miss Islington (bot) <[email protected]> committer: sethmlarson date: 2026-02-03T14:16:28Z summary: [3.

[Python-checkins] [3.14] gh-74453: Add stronger security warning to os.path.commonprefix

https://github.com/python/cpython/commit/eb0790f2d79e0bead89ca5e42e9005a311f928d4 commit: eb0790f2d79e0bead89ca5e42e9005a311f928d4 branch: 3.14 author: Miss Islington (bot) <[email protected]> committer: sethmlarson date: 2026-02-03T14:28:39Z summary: [3.

[Python-checkins] [3.10] gh-74453: Add stronger security warning to os.path.commonprefix

https://github.com/python/cpython/commit/e3109d6267cb78b534ca22681230dfb06f4c127c commit: e3109d6267cb78b534ca22681230dfb06f4c127c branch: 3.10 author: Miss Islington (bot) <[email protected]> committer: sethmlarson date: 2026-02-03T14:29:13Z summary: [3.

[Python-checkins] [3.11] gh-74453: Add stronger security warning to os.path.commonprefix

https://github.com/python/cpython/commit/11a1e4e07924089c5fd9987306fa9dbdc78ef56a commit: 11a1e4e07924089c5fd9987306fa9dbdc78ef56a branch: 3.11 author: Miss Islington (bot) <[email protected]> committer: sethmlarson date: 2026-02-03T14:29:07Z summary: [3.

[Python-checkins] [3.12] gh-74453: Add stronger security warning to os.path.commonprefix

https://github.com/python/cpython/commit/276b9f2ea2da29313619eacfc677e6e907a67889 commit: 276b9f2ea2da29313619eacfc677e6e907a67889 branch: 3.12 author: Miss Islington (bot) <[email protected]> committer: sethmlarson date: 2026-02-03T14:29:02Z summary: [3.

[Python-checkins] gh-144484: Warn users not to use wsgiref in production

https://github.com/python/cpython/commit/7e777c587f01434ac5eea3d63d096f191278dad2 commit: 7e777c587f01434ac5eea3d63d096f191278dad2 branch: main author: Seth Michael Larson committer: sethmlarson date: 2026-02-05T15:43:39Z summary: gh-144484: Warn users not to use wsgiref in production files: M

[Python-checkins] [3.10] gh-144484: Warn users not to use wsgiref in production

https://github.com/python/cpython/commit/e1a8a0393cd0869b72b6be559a2b145f1ff8c169 commit: e1a8a0393cd0869b72b6be559a2b145f1ff8c169 branch: 3.10 author: Miss Islington (bot) <[email protected]> committer: sethmlarson date: 2026-02-05T18:46:25Z summary: [3.

[Python-checkins] [3.12] gh-144484: Warn users not to use wsgiref in production

https://github.com/python/cpython/commit/dc353959be7d365049bdc865f65cb369418c03f4 commit: dc353959be7d365049bdc865f65cb369418c03f4 branch: 3.12 author: Miss Islington (bot) <[email protected]> committer: sethmlarson date: 2026-02-05T18:46:21Z summary: [3.

[Python-checkins] [3.11] gh-144484: Warn users not to use wsgiref in production

https://github.com/python/cpython/commit/ee902ce9e44b1f710a08369f4bf584d4d312ecd1 commit: ee902ce9e44b1f710a08369f4bf584d4d312ecd1 branch: 3.11 author: Miss Islington (bot) <[email protected]> committer: sethmlarson date: 2026-02-05T18:46:36Z summary: [3.

[Python-checkins] [3.12] gh-144125: email: verify headers are sound in BytesGenerator

https://github.com/python/cpython/commit/e417f05ad77a4c30ddc07f99e90fc0cef43e831a commit: e417f05ad77a4c30ddc07f99e90fc0cef43e831a branch: 3.12 author: Miss Islington (bot) <[email protected]> committer: sethmlarson date: 2026-02-13T16:04:54Z summary: [3.

[Python-checkins] gh-143919: Reject control characters in http cookies

https://github.com/python/cpython/commit/95746b3a13a985787ef53b977129041971ed7f70 commit: 95746b3a13a985787ef53b977129041971ed7f70 branch: main author: Seth Michael Larson committer: sethmlarson date: 2026-01-20T21:23:42Z summary: gh-143919: Reject control characters in http cookies Co

[Python-checkins] [3.11] gh-143916: Reject control characters in wsgiref.headers.Headers

https://github.com/python/cpython/commit/e4846a93ac07a8ae9aa18203af0dd13d6e7a6995 commit: e4846a93ac07a8ae9aa18203af0dd13d6e7a6995 branch: 3.11 author: Gregory P. Smith <[email protected]> committer: sethmlarson date: 2026-01-20T22:51:58Z summary: [3.11] gh-143916:

[Python-checkins] [3.10] gh-143916: Reject control characters in wsgiref.headers.Headers

https://github.com/python/cpython/commit/2f840249550e082dc351743f474ba56da10478d2 commit: 2f840249550e082dc351743f474ba56da10478d2 branch: 3.10 author: Gregory P. Smith <[email protected]> committer: sethmlarson date: 2026-01-20T22:51:43Z summary: [3.10] gh-143916:

[Python-checkins] gh-144125: email: verify headers are sound in BytesGenerator

https://github.com/python/cpython/commit/052e55e7d44718fe46cbba0ca995cb8fcc359413 commit: 052e55e7d44718fe46cbba0ca995cb8fcc359413 branch: main author: Seth Michael Larson committer: sethmlarson date: 2026-01-23T14:59:35Z summary: gh-144125: email: verify headers are sound in BytesGenerator Co

[Python-checkins] gh-143921: Reject control characters in IMAP commands

https://github.com/python/cpython/commit/6262704b134db2a4ba12e85ecfbd968534f28b45 commit: 6262704b134db2a4ba12e85ecfbd968534f28b45 branch: main author: Seth Michael Larson committer: sethmlarson date: 2026-01-20T20:45:42Z summary: gh-143921: Reject control characters in IMAP commands files: A

[Python-checkins] gh-143925: Reject control characters in data: URL mediatypes

https://github.com/python/cpython/commit/f25509e78e8be6ea73c811ac2b8c928c28841b9f commit: f25509e78e8be6ea73c811ac2b8c928c28841b9f branch: main author: Seth Michael Larson committer: sethmlarson date: 2026-01-20T20:45:58Z summary: gh-143925: Reject control characters in data: URL mediatypes

[Python-checkins] gh-143923: Reject control characters in POP3 commands

https://github.com/python/cpython/commit/b234a2b67539f787e191d2ef19a7cbdce32874e7 commit: b234a2b67539f787e191d2ef19a7cbdce32874e7 branch: main author: Seth Michael Larson committer: sethmlarson date: 2026-01-20T20:46:32Z summary: gh-143923: Reject control characters in POP3 commands files: A

[Python-checkins] gh-141707: Skip TarInfo DIRTYPE normalization during GNU long name handling

https://github.com/python/cpython/commit/42d754e34c06e57ad6b8e7f92f32af679912d8ab commit: 42d754e34c06e57ad6b8e7f92f32af679912d8ab branch: main author: Seth Michael Larson committer: sethmlarson date: 2026-03-11T13:47:55Z summary: gh-141707: Skip TarInfo DIRTYPE normalization during GNU long

[Python-checkins] Expand `fuzz_pycompile.dict` for new syntax

https://github.com/python/cpython/commit/40095d526bd8ddbabee0603c2b502ed6807e5f4d commit: 40095d526bd8ddbabee0603c2b502ed6807e5f4d branch: main author: Stan Ulbrych <[email protected]> committer: sethmlarson date: 2026-03-15T18:54:20-05:00 summary:

[Python-checkins] Add GitHub team for maintaining fuzzers

https://github.com/python/cpython/commit/805ca4f292ef18b89a2d25246feb916973acec64 commit: 805ca4f292ef18b89a2d25246feb916973acec64 branch: main author: Seth Michael Larson committer: sethmlarson date: 2026-03-11T13:51:25Z summary: Add GitHub team for maintaining fuzzers Co-authored-by: Stan

[Python-checkins] gh-148022: Add threat model to remote debugging docs (#148024)

https://github.com/python/cpython/commit/edab6860a7d6c49b5d5762e1c094aa0261245a9c commit: edab6860a7d6c49b5d5762e1c094aa0261245a9c branch: main author: Pablo Galindo Salgado committer: sethmlarson date: 2026-04-03T14:20:50Z summary: gh-148022: Add threat model to remote debugging docs (#148024

[Python-checkins] [3.14] gh-148022: Add threat model to remote debugging docs (GH-148024) (#148039)

https://github.com/python/cpython/commit/3d49e490e21efaa5ed251c26726f6a9052151a0e commit: 3d49e490e21efaa5ed251c26726f6a9052151a0e branch: 3.14 author: Miss Islington (bot) <[email protected]> committer: sethmlarson date: 2026-04-03T14:34:36Z summary: [3.

[Python-checkins] gh-146211: Reject CR/LF in HTTP tunnel request headers (#146212)

https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69 commit: 05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69 branch: main author: Seth Larson committer: sethmlarson date: 2026-04-10T15:21:42Z summary: gh-146211: Reject CR/LF in HTTP tunnel request headers (#146212) Co

[Python-checkins] gh-143930: Reject leading dashes in webbrowser URLs

https://github.com/python/cpython/commit/82a24a4442312bdcfc4c799885e8b3e00990f02b commit: 82a24a4442312bdcfc4c799885e8b3e00990f02b branch: main author: Seth Michael Larson committer: sethmlarson date: 2026-03-20T14:47:13Z summary: gh-143930: Reject leading dashes in webbrowser URLs files: A

[Python-checkins] gh-146488: hash-pin all action references

https://github.com/python/cpython/commit/a504c0a590b9379688e4718225efb361b94cc4a1 commit: a504c0a590b9379688e4718225efb361b94cc4a1 branch: main author: William Woodruff committer: sethmlarson date: 2026-04-01T12:46:19Z summary: gh-146488: hash-pin all action references Signed-off-by: William

[Python-checkins] Increase dependabot interval to quarterly (#147959)

https://github.com/python/cpython/commit/07d5d724849b08442a5e6a54b987e43e038c18b1 commit: 07d5d724849b08442a5e6a54b987e43e038c18b1 branch: main author: Stan Ulbrych committer: sethmlarson date: 2026-04-01T12:46:57Z summary: Increase dependabot interval to quarterly (#147959) files: M .github

[Python-checkins] gh-90309: Base64-encode cookie values embedded in JS

https://github.com/python/cpython/commit/76b3923d688c0efc580658476c5f525ec8735104 commit: 76b3923d688c0efc580658476c5f525ec8735104 branch: main author: Seth Larson committer: sethmlarson date: 2026-04-22T19:22:31Z summary: gh-90309: Base64-encode cookie values embedded in JS files: A Misc