|
mTLS connection with Strings/Buffers
|
|
5
|
74
|
June 24, 2025
|
|
Python 3.13.x SSL security changes
|
|
11
|
2410
|
June 13, 2025
|
|
Announcement: 2FA now required for PyPI
|
|
26
|
1705
|
April 24, 2025
|
|
Reviews requested for email security fixes
|
|
0
|
142
|
December 2, 2024
|
|
The Python Software Foundation has been authorized by the CVE Program as a CVE Numbering Authority (CNA)
|
|
6
|
2258
|
November 20, 2024
|
|
Securely parsing XML with expat 2.6.0 or later
|
|
0
|
76
|
August 3, 2024
|
|
Typosquatting, dependency confusion, supply chain attack, call it as you wish
|
|
12
|
1152
|
May 6, 2024
|
|
Pip must notify people that they have been compromised by a malicious package
|
|
19
|
1952
|
May 1, 2024
|
|
Trying to understand security backport policy
|
|
7
|
668
|
April 25, 2024
|
|
Pathway to requiring OpenSSL 3 or newer in CPython?
|
|
10
|
1723
|
April 17, 2024
|
|
CPython, PyPI, and many Python packages are not affected by the backdoor of xz
|
|
6
|
3511
|
April 11, 2024
|
|
PyPI Malware Observation Report Outcomes - Private Preview
|
|
0
|
1171
|
March 20, 2024
|
|
Create and distribute Software Bill-of-Materials (SBOM) for Python artifacts
|
|
29
|
5856
|
February 7, 2024
|
|
Python maillibs don't verify server certificates by default, which is documented behavior, but several open source projects failed to do this right and I like to see this fixed
|
|
13
|
1636
|
February 5, 2024
|
|
How to hide or remove sensitive data from getting exposed in memory dump?
|
|
2
|
772
|
January 30, 2024
|
|
Announcement: 2FA Requirement for PyPI 2024-01-01
|
|
0
|
2939
|
December 11, 2023
|
|
`ssl`: changing the default `SSLContext.verify_flags`?
|
|
16
|
4280
|
November 28, 2023
|
|
How to word a warning about security uses in `urllib.parse` docs
|
|
15
|
1749
|
May 3, 2023
|
|
Using SourceRank score to warn or limit packages
|
|
17
|
1463
|
April 30, 2023
|
|
Sprint recording: Dustin Ingram on Open Source Security for CPython
|
|
4
|
554
|
October 20, 2023
|