#37053: Add validate=True to base64.b64decode() calls
-------------------------------------+-------------------------------------
Reporter: Sarah | Owner: Sarah Boyce
Boyce |
Type: | Status: assigned
Cleanup/optimization |
Component: Core | Version: dev
(Other) |
Severity: Normal | Keywords:
Triage Stage: | Has patch: 0
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Following the recent Python CVE
https://www.cve.org/CVERecord?id=CVE-2026-3446, the security team agreed
there is no reason (to our knowledge) we shouldn't be using
`validate=True` in our `base64.b64decode()` calls.
--
Ticket URL: <https://code.djangoproject.com/ticket/37053>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/django-updates/0107019daac83941-22083fd2-597f-481b-9278-8dcbca3638bc-000000%40eu-central-1.amazonses.com.
