Thanks for checking and asking!

On Python 2, the email address with "i without dot" isn't a valid email address 
according to the EmailValidator and thus shouldn't be in your database in the 
first place.

Cheers,

/Markus 

On Wed, Dec 18, 2019, at 11:23 AM, Sam Willis wrote:
> Hi,
> 
> It looks to me like this has introduced a slight behaviour difference 
> with 1.11 on python 2.7 than on 3.x:
> 
> https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2#diff-e840e362abe9e625eee52d91897400bdR36
> 
> The release notes don't indicate what the difference in behaviour is 
> between python 2 and 3.
> 
> I'm trying to follow the change and test cases but it looks like if you 
> have two users '[email protected]' and 'mı[email protected]' (which is 
> highly unlikely anyway to happen legitimately) neither can reset their 
> password anymore on py2?
> 
> See: 
> https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2#diff-d4ef44f66fdc7127c6178eee0fdcaf57R697
>  
> 
> I'm guessing this was found after the similar GitHub vulnerability was found?
> 
> Thanks for the hard work!
> 
> On Wednesday, December 18, 2019 at 9:23:35 AM UTC, Mariusz Felisiak wrote:
> > Details are available on the Django project weblog: 
> > 
> > https://www.djangoproject.com/weblog/2019/dec/18/security-releases/ 
> > 
> 
>  -- 
>  You received this message because you are subscribed to the Google 
> Groups "Django developers (Contributions to Django itself)" group.
>  To unsubscribe from this group and stop receiving emails from it, send 
> an email to [email protected].
>  To view this discussion on the web visit 
> https://groups.google.com/d/msgid/django-developers/5cde448c-7631-472f-857f-168bd872fe3e%40googlegroups.com
>  
> <https://groups.google.com/d/msgid/django-developers/5cde448c-7631-472f-857f-168bd872fe3e%40googlegroups.com?utm_medium=email&utm_source=footer>.
