https://github.com/python/cpython/commit/39ea593cbbd800757cbb93e4be3fa79af84e5c8c
commit: 39ea593cbbd800757cbb93e4be3fa79af84e5c8c
branch: main
author: Hugo van Kemenade <[email protected]>
committer: hugovk <[email protected]>
date: 2025-06-24T11:08:23+03:00
summary:
gh-123299: Update 'What's New in Python 3.14' from `3.14` branch (#135616)
files:
M Doc/whatsnew/3.14.rst
diff --git a/Doc/whatsnew/3.14.rst b/Doc/whatsnew/3.14.rst
index 8b20e42d7d8e07..cbca720b75e96c 100644
--- a/Doc/whatsnew/3.14.rst
+++ b/Doc/whatsnew/3.14.rst
@@ -1757,6 +1757,16 @@ os
(Contributed by Cody Maloney in :gh:`129205`.)
+os.path
+-------
+
+* The *strict* parameter to :func:`os.path.realpath` accepts a new value,
+ :data:`os.path.ALLOW_MISSING`.
+ If used, errors other than :exc:`FileNotFoundError` will be re-raised;
+ the resulting path can be missing but it will be free of symlinks.
+ (Contributed by Petr Viktorin for :cve:`2025-4517`.)
+
+
pathlib
-------
@@ -1945,6 +1955,28 @@ sysconfig
(Contributed by Xuehai Pan in :gh:`131799`.)
+tarfile
+-------
+
+* :func:`~tarfile.data_filter` now normalizes symbolic link targets in order to
+ avoid path traversal attacks.
+ (Contributed by Petr Viktorin in :gh:`127987` and :cve:`2025-4138`.)
+* :func:`~tarfile.TarFile.extractall` now skips fixing up directory attributes
+ when a directory was removed or replaced by another kind of file.
+ (Contributed by Petr Viktorin in :gh:`127987` and :cve:`2024-12718`.)
+* :func:`~tarfile.TarFile.extract` and :func:`~tarfile.TarFile.extractall`
+ now (re-)apply the extraction filter when substituting a link (hard or
+ symbolic) with a copy of another archive member, and when fixing up
+ directory attributes.
+ The former raises a new exception, :exc:`~tarfile.LinkFallbackError`.
+ (Contributed by Petr Viktorin for :cve:`2025-4330` and :cve:`2024-12718`.)
+* :func:`~tarfile.TarFile.extract` and :func:`~tarfile.TarFile.extractall`
+ no longer extract rejected members when
+ :func:`~tarfile.TarFile.errorlevel` is zero.
+ (Contributed by Matt Prodani and Petr Viktorin in :gh:`112887`
+ and :cve:`2025-4435`.)
+
+
threading
---------
@@ -2700,6 +2732,7 @@ New features
* :c:func:`PyUnicodeWriter_Discard`
* :c:func:`PyUnicodeWriter_Finish`
* :c:func:`PyUnicodeWriter_Format`
+ * :c:func:`PyUnicodeWriter_WriteASCII`
* :c:func:`PyUnicodeWriter_WriteChar`
* :c:func:`PyUnicodeWriter_WriteRepr`
* :c:func:`PyUnicodeWriter_WriteStr`
@@ -2976,7 +3009,7 @@ Deprecated
:c:func:`PyUnicodeWriter_WriteSubstring(writer, str, start, end)
<PyUnicodeWriter_WriteSubstring>`.
* :c:func:`!_PyUnicodeWriter_WriteASCIIString`:
replace ``_PyUnicodeWriter_WriteASCIIString(&writer, str)`` with
- :c:func:`PyUnicodeWriter_WriteUTF8(writer, str)
<PyUnicodeWriter_WriteUTF8>`.
+ :c:func:`PyUnicodeWriter_WriteASCII(writer, str)
<PyUnicodeWriter_WriteASCII>`.
* :c:func:`!_PyUnicodeWriter_WriteLatin1String`:
replace ``_PyUnicodeWriter_WriteLatin1String(&writer, str)`` with
:c:func:`PyUnicodeWriter_WriteUTF8(writer, str)
<PyUnicodeWriter_WriteUTF8>`.
_______________________________________________
Python-checkins mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3//lists/python-checkins.python.org
Member address: [email protected]
