STINNER Victor <vstin...@python.org> added the comment:
> In this case, having it off by default goes further to prevent breakage

PyYAML was unsafe by default: it allowed executing arbitrary Python code by default. It took years to change the default to "safe".

I don't think that adding a parameter for opt-in for security is a good approach. An application can use ipaddress internally without being aware of using it, if it's done by a third party module. It's hard to prevent security vulnerabilities if people have to "opt-in" for security.

I prefer to break code and force people to manually get back the old behavior. It's better to make 90% safe by default but make 10% of people unhappy.

It's uncommon to pass IPv4 addresses with leading zeros.

If you want to tolerate leading zeros, you don't have to modify the ipaddress for that, you can pre-process your inputs: it works on any Python version with or without the fix.

>>> def reformat_ip(address): return '.'.join(part.lstrip('0') if part != '0' else part for part in address.split('.'))
...
>>> reformat_ip('0127.0.0.1')
'127.0.0.1'

Or with an explicit loop for readability:

def reformat_ip(address):
    parts = []
    for part in address.split('.'):
        if part != "0":
            part = part.lstrip('0')
        parts.append(part)
    return '.'.join(parts)

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue36384>
_______________________________________
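The following is an added example, not part of the original message or of CPython: it shows why a leading zero is security-relevant (inet_aton-style parsers read such an octet as octal, while the pre-processing above reads it as decimal) and sketches a strict and a tolerant pre-processor that also cover all-zero and empty octets. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

def _octets(address):
    """Split into four octets of ASCII digits, or raise ValueError."""
    parts = address.split('.')
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not four decimal octets: {address!r}")
    return parts

def _has_leading_zero(part):
    return len(part) > 1 and part[0] == '0'

def normalize_decimal(address):
    """Tolerant pre-processing: read every octet as base 10.

    '00' becomes '0' (not an empty string) and '1..2.3' is rejected.
    """
    text = '.'.join(str(int(p, 10)) for p in _octets(address))
    return ipaddress.IPv4Address(text)  # still enforces the 0-255 range

def as_octal(address):
    """How an inet_aton-style parser reads the same text: a leading 0 means base 8.

    Raises ValueError for octets such as '08' that are not valid octal.
    """
    return '.'.join(
        str(int(p, 8) if _has_leading_zero(p) else int(p, 10))
        for p in _octets(address)
    )

def parse_strict(address):
    """Safe-by-default behaviour: refuse to guess which base was meant."""
    for p in _octets(address):
        if _has_leading_zero(p):
            raise ValueError(f"leading zero in octet {p!r} of {address!r}")
    return ipaddress.IPv4Address(address)

def readings(address):
    """Return (decimal reading, octal reading) so a mismatch can be logged."""
    return str(normalize_decimal(address)), as_octal(address)

if __name__ == "__main__":
    # Constructed inputs: the two readings of each address differ.
    for sample in ("0127.0.0.1", "010.8.8.8"):
        print(sample, "->", readings(sample))
```

If a validation layer and the component that actually opens the connection disagree on the reading, a check made on one value is applied to traffic going to another, which is why rejecting the input outright is the safer default.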