[issue41712] REDoS in purge
Steve Dower
report at bugs.python.org
Fri Sep 4 12:30:12 EDT 2020
Steve Dower <steve.dower at python.org> added the comment:
I've considered DoSing myself a few times, but then change my mind and just publish the release :)
A PR to change it to "(\d+\.\d+\.\d+)([a-zA-Z]+\d+)?$" would be fine, but is not urgent. It certainly doesn't need to be backported, as this is only ever used from master these days.
Personally I'd be just as happy closing the issue. I know that the current script works, and there's nothing worse than breaking a release because someone has changed the release scripts without testing them properly.
----------
versions: -Python 3.8, Python 3.9
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue41712>
_______________________________________
More information about the Python-bugs-list
mailing list