python/python-aiohttp
SHA256
15
0
Fork 0
forked from pool/python-aiohttp
Code Pull Requests Activity

+ Check for ASCII in header values

Browse Source 
(bsc#1256018, CVE-2025-69224, GHSA-69f9-5gxw-wvc2)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-aiohttp?expand=0&rev=167
This commit is contained in:
Steve Kowalik
2026-01-09 04:18:59 +00:00
committed by Git OBS Bridge
parent a7f866bb6b
commit d5e817803c
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
python-aiohttp.changes
View File

@@ -6,6 +6,8 @@ Fri Jan 9 01:40:14 UTC 2026 - Steve Kowalik <steven.kowalik@suse.com>
+ Brotli and brotlicffi minimum version is now 1.2. Decompression now has
a default maximum output size of 32MiB per decompress call
(bsc#1256017, CVE-2025-69223, GHSA-6mq8-rvhq-8wgg)
+ Check for ASCII in header values
(bsc#1256018, CVE-2025-69224, GHSA-69f9-5gxw-wvc2)
+ Forbid non-ASCII decimals in the Range header
(bsc#1256019, CVE-2025-69225, GHSA-mqqc-3gqh-h2x8)
+ Reject static URLs that traverse outside static root