File: 1.4.0.rst

1.4.0 -- 2020-04-07
-------------------

Security
~~~~~~~~

- Prevent users from receiving an invalid authority parsed from a malicious
  URL. Previously we did not stop parsing the authority section at the first
  backslash (``\``) character. As a result, it was possible to trick our
  parser into parsing up to the first forward-slash (``/``) and thus
  generating an invalid authority.

  See also `GitHub pr-64`_ and `the blog post that sparked this change`_.
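
The parsing difference described in the Security entry above, as an added example that is not rfc3986's own code. It assumes the generic URI pattern from RFC 3986 Appendix B as the lenient parser; the sample URL, the ``.corp.example`` suffix and the ``host_allowed`` policy are constructed for illustration.

```python
import re

# Pattern from RFC 3986 Appendix B (named groups added):
# the authority runs until the first "/", "?" or "#".
LENIENT = re.compile(
    r"^(?:(?P<scheme>[^:/?#]+):)?(?://(?P<authority>[^/?#]*))?"
    r"(?P<path>[^?#]*)(?:\?(?P<query>[^#]*))?(?:#(?P<fragment>.*))?$"
)

# Same pattern, except that a backslash also terminates the authority.
STRICT = re.compile(
    r"^(?:(?P<scheme>[^:/?#]+):)?(?://(?P<authority>[^\\/?#]*))?"
    r"(?P<path>[^?#]*)(?:\?(?P<query>[^#]*))?(?:#(?P<fragment>.*))?$"
)

# Constructed sample input: a backslash appears before the first "/".
SAMPLE = r"https://other.example\.corp.example/path"


def split_authority(url, pattern):
    """Return (authority, path) as the given pattern sees them."""
    match = pattern.match(url)
    return match.group("authority"), match.group("path")


def host_allowed(url, pattern, allowed_suffix):
    """Hypothetical suffix allow-list check on the parsed authority."""
    authority, _ = split_authority(url, pattern)
    return authority is not None and authority.endswith(allowed_suffix)


if __name__ == "__main__":
    for name, pattern in (("lenient", LENIENT), ("strict", STRICT)):
        authority, path = split_authority(SAMPLE, pattern)
        verdict = host_allowed(SAMPLE, pattern, ".corp.example")
        print(f"{name}: authority={authority!r} path={path!r} allowed={verdict}")
```

With the lenient pattern the backslash and everything after it up to the first ``/`` end up inside the authority, so the suffix check passes; with the strict pattern the authority ends at the backslash and the check fails.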

Bug Fixes and Features
~~~~~~~~~~~~~~~~~~~~~~

- Add ``from_uri`` to ``URIBuilder`` to allow creation of a ``URIBuilder``
  from an existing URI.

  See also `GitHub pr-63`_

- Fix a typographical error in our documentation.

  See also `GitHub pr-61`_

.. links

.. _GitHub pr-61:
    https://github.com/python-hyper/rfc3986/pull/61

.. _GitHub pr-63:
    https://github.com/python-hyper/rfc3986/pull/63

.. _GitHub pr-64:
    https://github.com/python-hyper/rfc3986/pull/64

.. _the blog post that sparked this change:
    https://bugs.xdavidhu.me/google/2020/03/08/the-unexpected-google-wide-domain-check-bypass/