mirror of
https://git.yoctoproject.org/poky
synced 2026-02-06 00:38:45 +01:00
2c53b198ed
Release Date: Feb. 19, 2021 Note: The release you're looking at is Python 3.8.8, a bugfix release for the legacy 3.8 series. Python 3.9 is now the latest feature release series of Python 3. Notable changes in Python 3.8.8 Earlier Python versions allowed using both ; and & as query parameter separators in urllib.parse.parse_qs() and urllib.parse.parse_qsl(). Due to security concerns, and to conform with newer W3C recommendations, this has been changed to allow only a single separator key, with & as the default. This change also affects cgi.parse() and cgi.parse_multipart() as they use the affected functions internally. For more details, please see their respective documentation. (Contributed by Adam Goldschmidt, Senthil Kumaran and Ken Jin in bpo-42967.) License-Update: update copyright years Drop patches fixed in 3.8.8: - CVE-2021-3177 Fixes: CVE: CVE-2021-3426 CVE: CVE-2021-23336 References: https://www.python.org/downloads/release/python-388/ https://docs.python.org/release/3.8.8/whatsnew/changelog.html#changelog https://docs.python.org/3/whatsnew/3.8.html#notable-changes-in-python-3-8-8 https://nvd.nist.gov/vuln/detail/CVE-2021-3177 https://nvd.nist.gov/vuln/detail/CVE-2021-3426 (From OE-Core rev: fdfc3340b58e1af0c231eedaa07358f7d9c6483e) Signed-off-by: Tim Orling <timothy.t.orling@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>