Security fix for CVE-2020-8492
This protects urllib HTTP clients against Regular Expression Denial of Service (ReDoS) attacks performed by a malicious server. Note that there is a change in behavior in handling responses with multiple WWW-Authenticate headers (which are quite rare; also Python's old behavior in these cases was definitely not correct).
Please login to add feedback.
This update has been submitted for testing by pviktori.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'ignored'.
This update has been pushed to testing.
This update can be pushed to stable now if the maintainer wishes
May I push this in?
This update has been submitted for stable by pviktori.
Oops, I missed the notification. Pushed now.
This update has been pushed to stable.