Skip to content

[3.10] gh-104049: do not expose on-disk location from SimpleHTTPRequestHandler (GH-104067) #104119

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 9, 2023
Merged

[3.10] gh-104049: do not expose on-disk location from SimpleHTTPRequestHandler (GH-104067) #104119

merged 1 commit into from
May 9, 2023

Conversation

miss-islington
Copy link
Contributor

@miss-islington miss-islington commented May 3, 2023
edited by bedevere-bot
Loading

Do not expose the local server's on-disk location from SimpleHTTPRequestHandler when generating a directory index. (unnecessary information disclosure)

(cherry picked from commit c7c3a60)

Co-authored-by: Ethan Furman [email protected]
Co-authored-by: Gregory P. Smith [email protected]
Co-authored-by: Jelle Zijlstra [email protected]

@ethanfurman @gpshead
@JelleZijlstra @miss-islington
pythongh-104049: do not expose on-disk location from SimpleHTTPReques…
7222d2e 
…tHandler (pythonGH-104067)

Do not expose the local server's on-disk location from `SimpleHTTPRequestHandler` when generating a directory index. (unnecessary information disclosure)

---------

(cherry picked from commit c7c3a60)

Co-authored-by: Ethan Furman <[email protected]>
Co-authored-by: Gregory P. Smith <[email protected]>
Co-authored-by: Jelle Zijlstra <[email protected]>
This was referenced May 3, 2023
Closed
Merged
@bedevere-bot bedevere-bot added the type-security A security issue label May 3, 2023
@gpshead gpshead enabled auto-merge (squash) May 3, 2023 03:46
@gpshead gpshead closed this May 9, 2023
auto-merge was automatically disabled May 9, 2023 15:03

Pull request was closed

@gpshead gpshead reopened this May 9, 2023
@gpshead gpshead enabled auto-merge (squash) May 9, 2023 15:04
@gpshead gpshead merged commit d77e77c into python:3.10 May 9, 2023
@miss-islington miss-islington deleted the backport-c7c3a60-3.10 branch May 9, 2023 15:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
type-security A security issue
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@miss-islington @gpshead @bedevere-bot @ethanfurman