- Tests
- gh-127906: Test the limited C API in test_cppext. Patch by
Victor Stinner.
- gh-127906: Backport test_cext from the main branch. Patch
by Victor Stinner.
- gh-127637: Add tests for the dis command-line
interface. Patch by Bénédikt Tran.
- Security
- gh-105704: When using urllib.parse.urlsplit() and
urllib.parse.urlparse() host parsing would not reject
domain names containing square brackets ([ and ]). Square
brackets are only valid for IPv6 and IPvFuture hosts
according to RFC 3986 Section 3.2.2. (CVE-2025-0938,
bsc#1236705)
- gh-127655: Fixed the
asyncio.selector_events._SelectorSocketTransport
transport not pausing writes for the protocol when
the buffer reaches the high water mark when using
asyncio.WriteTransport.writelines() (CVE-2024-12254,
bsc#1234290).
- gh-126108: Fix a possible NULL pointer dereference in
PySys_AddWarnOptionUnicode().
- gh-80222: Fix bug in the folding of quoted strings
when flattening an email message using a modern email
policy. Previously when a quoted string was folded so
that it spanned more than one line, the surrounding
quotes and internal escapes would be omitted. This could
theoretically be used to spoof header lines using a
carefully constructed quoted string if the resulting
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=94
