- gh-87389: http.server: Fix an open redirection vulnerability
in the HTTP server when an URI path starts with //.
Vulnerability discovered, and initial fix proposed, by Hamza
Avvan.
- gh-92888: Fix memoryview use after free when accessing the
backing buffer in certain cases.
- gh-95355: _PyPegen_Parser_New now properly detects token
memory allocation errors. Patch by Honglin Zhu.
- gh-94938: Fix error detection in some builtin functions when
keyword argument name is an instance of a str subclass with
overloaded __eq__ and __hash__. Previously it could cause
SystemError or other undesired behavior.
- gh-94949: ast.parse() will no longer parse parenthesized
context managers when passed feature_version less than
(3, 9). Patch by Shantanu Jain.
- gh-94947: ast.parse() will no longer parse assignment
expressions when passed feature_version less than
(3, 8). Patch by Shantanu Jain.
- gh-94869: Fix the column offsets for some expressions in
multi-line f-strings ast nodes. Patch by Pablo Galindo.
- gh-91153: Fix an issue where a bytearray item assignment
could crash if it’s resized by the new value’s __index__()
method.
- gh-94329: Compile and run code with unpacking of extremely
large sequences (1000s of elements). Such code failed to
compile. It now compiles and runs correctly.
- gh-94360: Fixed a tokenizer crash when reading encoded
files with syntax errors from stdin with non utf-8 encoded
text. Patch by Pablo Galindo
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=49
