Python 3.6.2 release

Python 3.6.2 is released, Python 3.6.2 is the second maintenance version of Python 3.6, the new version provides bug fixes and document updates.

Change log:

Core and Builtins

Library

  • [Security] bpo-30730: Prevent environment variables injection in subprocess on Windows. Prevent passing other environment variables and command arguments.
  • [Security] bpo-30694: Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes of multiple security vulnerabilities including: CVE-2017-9233 (External entity infinite loop DoS), CVE-2016-9063 (Integer overflow, re-fix), CVE-2016-0718 (Fix regression bugs from 2.2.0’s fix to CVE-2016-0718) and CVE-2012-0876 (Counter hash flooding with SipHash). Note: the CVE-2016-5300 (Use os-specific entropy sources like getrandom) doesn’t impact Python, since Python already gets entropy from the OS to set the expat secret using XML_SetHashSalt().
  • [Security] bpo-30500: Fix urllib.parse.splithost() to correctly parse fragments. For example, splithost(‘//127.0.0.1#@evil.com/’) now correctly returns the 127.0.0.1 host, instead of treating @evil.com as the host in an authentification ([email protected]).
  • and more

Download

 

Leave a Reply

Your email address will not be published. Required fields are marked *