Python 3.6.2 发布了,Python 3.6.2 是 Python 3.6 的第二个维护版本,新版提供了错误修复和文档更新。
更新内容:
Core and Builtins
Library
防止在 Windows 上的子进程中注入环境变量。防止传递其他环境变量和命令参数。
将 expat 副本从 2.2.0 升级到 2.2.1 以获得多个安全漏洞的修复,包括:CVE-2017-9233 (External entity infinite loop DoS), CVE-2016-9063 (Integer overflow, re-fix), CVE-2016-0718 (Fix regression bugs from 2.2.0’s fix to CVE-2016-0718) and CVE-2012-0876 (Counter hash flooding with SipHash). Note: the CVE-2016-5300 (Use os-specific entropy sources like getrandom) doesn’t impact Python, since Python already gets entropy from the OS to set the expat secret using XML_SetHashSalt().
修复 urllib.parse.splithost() 以正确解析片段。For example, splithost('//127.0.0.1#@evil.com/') now correctly returns the 127.0.0.1 host, instead of treating @evil.com as the host in an authentification (login@host).
软件详情:http://blog.python.org/2017/07/python-362-is-now-available.html
下载地址:https://www.python.org/downloads/
来自:开源中国社区
