https://github.com/python/cpython/commit/920a1c30dd547548c79744994164c48557cc0688 commit: 920a1c30dd547548c79744994164c48557cc0688 branch: 3.9 author: Ćukasz Langa <luk...@langa.pl> committer: ambv <luk...@langa.pl> date: 2025-06-03T20:33:38+02:00 summary:
Reword 3.9.23 notable changes to reflect status of backports files: M Doc/whatsnew/3.9.rst diff --git a/Doc/whatsnew/3.9.rst b/Doc/whatsnew/3.9.rst index 8196f76f1e294a..18bdf386085e8e 100644 --- a/Doc/whatsnew/3.9.rst +++ b/Doc/whatsnew/3.9.rst @@ -1670,9 +1670,10 @@ Notable changes in 3.9.23 os.path ------- -* The *strict* parameter to :func:`os.path.realpath` accepts a new value, - :data:`os.path.ALLOW_MISSING`. - If used, errors other than :exc:`FileNotFoundError` will be re-raised; +* The *strict* parameter was backported to :func:`os.path.realpath` to + allow for ``tarfile`` to use it for security vulnerability mitigation. + In particular, when *strict* is set to :data:`os.path.ALLOW_MISSING`, + errors other than :exc:`FileNotFoundError` will be re-raised; the resulting path can be missing but it will be free of symlinks. (Contributed by Petr Viktorin for CVE 2025-4517.) _______________________________________________ Python-checkins mailing list -- python-checkins@python.org To unsubscribe send an email to python-checkins-le...@python.org https://mail.python.org/mailman3//lists/python-checkins.python.org Member address: arch...@mail-archive.com
