Context Navigation

← Previous Ticket
Next Ticket →

#37053 closed Cleanup/optimization (fixed)

Add validate=True to base64.b64decode() calls

Reported by:	Sarah Boyce	Owned by:	Sarah Boyce
Component:	Core (Other)	Version:	dev
Severity:	Normal	Keywords:
Cc:		Triage Stage:	Ready for checkin
Has patch:	yes	Needs documentation:	no
Needs tests:	no	Patch needs improvement:	no
Easy pickings:	no	UI/UX:	no

Description

Following the recent Python CVE https://www.cve.org/CVERecord?id=CVE-2026-3446, the security team agreed there is no reason (to our knowledge) we shouldn't be using validate=True in our base64.b64decode() calls.

Change History (6)

comment:1 by Sarah Boyce, 3 weeks ago

Has patch:	set

comment:2 by Natalia Bidart, 3 weeks ago

Triage Stage:	Unreviewed → Accepted

Thank you!

comment:3 by Jacob Walls, 2 weeks ago

Patch needs improvement:	set

comment:4 by Sarah Boyce, 13 days ago

Patch needs improvement:	unset

comment:5 by Jacob Walls, 9 days ago

Triage Stage:	Accepted → Ready for checkin

comment:6 by Jacob Walls <jacobtylerwalls@…>, 8 days ago

Resolution:	→ fixed
Status:	assigned → closed

In 57b23d1:

Fixed #37053 -- Added validate=True to base64.b64decode() calls.

Note: See TracTickets for help on using tickets.

Download in other formats:

Issues

Context Navigation

#37053 closed Cleanup/optimization (fixed)

Add validate=True to base64.b64decode() calls

Description

Change History (6)

comment:1 by Sarah Boyce, 3 weeks ago

comment:2 by Natalia Bidart, 3 weeks ago

comment:3 by Jacob Walls, 2 weeks ago

comment:4 by Sarah Boyce, 13 days ago

comment:5 by Jacob Walls, 9 days ago

comment:6 by Jacob Walls <jacobtylerwalls@…>, 8 days ago

Download in other formats:

Django Links

Learn More

Get Involved

Get Help

Follow Us

Support Us