Skip to content

gh-144125: email: verify headers are sound in BytesGenerator#144126

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
sethmlarson merged 3 commits into from
Jan 23, 2026
Merged

gh-144125: email: verify headers are sound in BytesGenerator #144126

sethmlarson merged 3 commits into from
Jan 23, 2026
+23 −3

Conversation

@sethmlarson
Copy link
Contributor

@sethmlarsonsethmlarson commented Jan 21, 2026
edited
Loading

GH-122233 added an implementation to Generator to refuse to serialize (write) headers that are unsafely folded or delimited.

This revision adds the same implementation to BytesGenerator, so it gets the same safety protections for unsafely folded or delimited headers

@sethmlarsonsethmlarson requested a review from a team as a code ownerJanuary 21, 2026 19:15
@sethmlarsonsethmlarson added type-security A security issue stdlib Standard Library Python modules in the Lib/ directory topic-email labels Jan 21, 2026
@bedevere-appbedevere-appbot mentioned this pull request Jan 21, 2026
Open
@beledouxdenis@encukou
@basbloemsaat@sethmlarson
pythongh-144125: email: verify headers are sound in BytesGenerator
1132e45
pythonGH-122233 added an implementation to `Generator` to refuse to serialize (write) headers that are unsafely folded or delimited. This revision adds the same implementation to `BytesGenerator`, so it gets the same safety protections for unsafely folded or delimited headers Co-authored-by: Denis Ledoux <[email protected]> Co-authored-by: Petr Viktorin <[email protected]> Co-authored-by: Bas Bloemsaat <[email protected]>
@sethmlarsonsethmlarsonforce-pushed the email-verify-headers-in-bytesgenerator branch from cd41a69 to 1132e45CompareJanuary 21, 2026 19:17
bitdancer
bitdancer requested changes Jan 21, 2026
View reviewed changes
@bedevere-app
Copy link

bedevere-appbot commented Jan 21, 2026

A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.

Once you have made the requested changes, please leave a comment on this pull request containing the phrase I have made the requested changes; please review again. I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.

And if you don't make the requested changes, you will be poked with soft cushions!

@sethmlarson
Copy link
ContributorAuthor

sethmlarson commented Jan 22, 2026

@bitdancer I have made the requested changes; please review again

@bedevere-app
Copy link

bedevere-appbot commented Jan 22, 2026

Thanks for making the requested changes!

@bitdancer: please review the changes made to this pull request.

@sethmlarsonsethmlarson merged commit 052e55e into python:mainJan 23, 2026
92 of 100 checks passed
@sethmlarsonsethmlarson deleted the email-verify-headers-in-bytesgenerator branch January 23, 2026 14:59
@sethmlarsonsethmlarson added needs backport to 3.10 only security fixes needs backport to 3.11 only security fixes needs backport to 3.12 only security fixes needs backport to 3.13 bugs and security fixes labels Jan 23, 2026
@sethmlarsonsethmlarson added the needs backport to 3.14 bugs and security fixes label Jan 23, 2026
@miss-islington-app
Copy link

miss-islington-appbot commented Jan 23, 2026

Thanks @sethmlarson for the PR 🌮🎉.. I'm working now to backport this PR to: 3.10.
🐍🍒⛏🤖

@miss-islington-app
Copy link

miss-islington-appbot commented Jan 23, 2026

Thanks @sethmlarson for the PR 🌮🎉.. I'm working now to backport this PR to: 3.13.
🐍🍒⛏🤖

@miss-islington-app
Copy link

miss-islington-appbot commented Jan 23, 2026

Thanks @sethmlarson for the PR 🌮🎉.. I'm working now to backport this PR to: 3.14.
🐍🍒⛏🤖 I'm not a witch! I'm not a witch!

@sethmlarsonsethmlarson added needs backport to 3.11 only security fixes needs backport to 3.12 only security fixes and removed needs backport to 3.10 only security fixes needs backport to 3.11 only security fixes needs backport to 3.12 only security fixes needs backport to 3.13 bugs and security fixes needs backport to 3.14 bugs and security fixes labels Jan 23, 2026
@miss-islington-app
Copy link

miss-islington-appbot commented Jan 23, 2026

Thanks @sethmlarson for the PR 🌮🎉.. I'm working now to backport this PR to: 3.12.
🐍🍒⛏🤖

@miss-islington-app
Copy link

miss-islington-appbot commented Jan 23, 2026

Thanks @sethmlarson for the PR 🌮🎉.. I'm working now to backport this PR to: 3.11.
🐍🍒⛏🤖

@hugovkhugovk removed needs backport to 3.11 only security fixes needs backport to 3.12 only security fixes labels Jan 26, 2026
Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bitdancerbitdancerbitdancer approved these changes

Assignees

No one assigned

Labels

stdlibStandard Library Python modules in the Lib/ directorytopic-emailtype-securityA security issue

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@sethmlarson@bitdancer@hugovk@beledouxdenis