Dain Dwarf <daindw...@gmail.com> added the comment:
Hello, kind of new here. I just wanted to note that the issue that lead to Tchap's security attack still exists in the non-deprecated message_from_string function: email.message_from_string('From: a...@malicious.org@important.com', policy=email.policy.default)['from'].addresses (Address(display_name='', username='a', domain='malicious.org'),) So, deprecating parseaddr is not enough for security purpose, unless there is another ticket for the new email API. ---------- nosy: +Dain Dwarf _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue34155> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com