Reviews requested for email security fixes
|
|
0
|
124
|
December 2, 2024
|
The Python Software Foundation has been authorized by the CVE Program as a CVE Numbering Authority (CNA)
|
|
6
|
2217
|
November 20, 2024
|
Securely parsing XML with expat 2.6.0 or later
|
|
0
|
53
|
August 3, 2024
|
Typosquatting, dependency confusion, supply chain attack, call it as you wish
|
|
12
|
980
|
May 6, 2024
|
Pip must notify people that they have been compromised by a malicious package
|
|
19
|
1745
|
May 1, 2024
|
Trying to understand security backport policy
|
|
7
|
650
|
April 25, 2024
|
Pathway to requiring OpenSSL 3 or newer in CPython?
|
|
10
|
1437
|
April 17, 2024
|
CPython, PyPI, and many Python packages are not affected by the backdoor of xz
|
|
6
|
3413
|
April 11, 2024
|
PyPI Malware Observation Report Outcomes - Private Preview
|
|
0
|
1146
|
March 20, 2024
|
Create and distribute Software Bill-of-Materials (SBOM) for Python artifacts
|
|
29
|
5685
|
February 7, 2024
|
Python maillibs don't verify server certificates by default, which is documented behavior, but several open source projects failed to do this right and I like to see this fixed
|
|
13
|
1489
|
February 5, 2024
|
How to hide or remove sensitive data from getting exposed in memory dump?
|
|
2
|
663
|
January 30, 2024
|
Announcement: 2FA now required for PyPI
|
|
13
|
1259
|
January 5, 2024
|
Announcement: 2FA Requirement for PyPI 2024-01-01
|
|
0
|
2936
|
December 11, 2023
|
`ssl`: changing the default `SSLContext.verify_flags`?
|
|
16
|
3383
|
November 28, 2023
|
How to word a warning about security uses in `urllib.parse` docs
|
|
15
|
1668
|
May 3, 2023
|
Using SourceRank score to warn or limit packages
|
|
17
|
1411
|
April 30, 2023
|
Sprint recording: Dustin Ingram on Open Source Security for CPython
|
|
4
|
553
|
October 20, 2023
|