Skip to content

[3.7] gh-104049: do not expose on-disk location from SimpleHTTPRequestHandler (GH-104067) #104122

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 27, 2023
Merged

[3.7] gh-104049: do not expose on-disk location from SimpleHTTPRequestHandler (GH-104067) #104122

merged 2 commits into from
May 27, 2023

Conversation

miss-islington
Copy link
Contributor

@miss-islington miss-islington commented May 3, 2023
edited by bedevere-bot
Loading

Do not expose the local server's on-disk location from SimpleHTTPRequestHandler when generating a directory index. (unnecessary information disclosure)

(cherry picked from commit c7c3a60)

Co-authored-by: Ethan Furman ethan@stoneleaf.us
Co-authored-by: Gregory P. Smith greg@krypto.org
Co-authored-by: Jelle Zijlstra jelle.zijlstra@gmail.com

@ethanfurman @gpshead
@JelleZijlstra @miss-islington
pythongh-104049: do not expose on-disk location from SimpleHTTPReques…
249a115 
…tHandler (pythonGH-104067)

Do not expose the local server's on-disk location from `SimpleHTTPRequestHandler` when generating a directory index. (unnecessary information disclosure)

---------

(cherry picked from commit c7c3a60)

Co-authored-by: Ethan Furman <ethan@stoneleaf.us>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
This was referenced May 3, 2023
Closed
Merged
@bedevere-bot bedevere-bot added the type-security A security issue label May 3, 2023
@arhadthedev
Copy link
Member

Is there anything preventing the 3.7-3.9 backports from being merged?

@ned-deily
Copy link
Member

Not to worry, they'll get merged before the next security releases.

@ned-deily ned-deily merged commit 4e2dd0c into python:3.7 May 27, 2023
@miss-islington miss-islington deleted the backport-c7c3a60-3.7 branch May 27, 2023 06:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@ned-deily ned-deily

Labels
release-blocker type-security A security issue
Projects
Release and Deferred blockers 🚫
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@miss-islington @arhadthedev @ned-deily @gpshead @bedevere-bot @ethanfurman