[issue38216] Fix for issue30458 prevents crafting invalid requests
Ammar Askar
report at bugs.python.org
Fri Sep 20 00:22:10 EDT 2019
Ammar Askar <ammar at ammaraskar.com> added the comment:
> What bothers me here is that we apparently changed de facto behavior between maintenance releases, in the middle of 3.7's lifecycle, without warning, no doubt because we didn't realize it would break third-party packages.
Arguably, I think the programs that are affected by this vulnerability far outnumber the amount of third-party packages that will be broken. The trade-off here seems to be between the promise of compatibility and the promise of security, choosing compatibility strikes me as odd.
----------
nosy: +ammar2
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue38216>
_______________________________________
More information about the Python-bugs-list
mailing list