|
Reviews requested for email security fixes
|
|
0
|
130
|
December 2, 2024
|
|
The Python Software Foundation has been authorized by the CVE Program as a CVE Numbering Authority (CNA)
|
|
6
|
2237
|
November 20, 2024
|
|
Securely parsing XML with expat 2.6.0 or later
|
|
0
|
63
|
August 3, 2024
|
|
Typosquatting, dependency confusion, supply chain attack, call it as you wish
|
|
12
|
1051
|
May 6, 2024
|
|
Pip must notify people that they have been compromised by a malicious package
|
|
19
|
1835
|
May 1, 2024
|
|
Trying to understand security backport policy
|
|
7
|
658
|
April 25, 2024
|
|
Pathway to requiring OpenSSL 3 or newer in CPython?
|
|
10
|
1560
|
April 17, 2024
|
|
CPython, PyPI, and many Python packages are not affected by the backdoor of xz
|
|
6
|
3478
|
April 11, 2024
|
|
PyPI Malware Observation Report Outcomes - Private Preview
|
|
0
|
1156
|
March 20, 2024
|
|
Create and distribute Software Bill-of-Materials (SBOM) for Python artifacts
|
|
29
|
5755
|
February 7, 2024
|
|
Python maillibs don't verify server certificates by default, which is documented behavior, but several open source projects failed to do this right and I like to see this fixed
|
|
13
|
1551
|
February 5, 2024
|
|
How to hide or remove sensitive data from getting exposed in memory dump?
|
|
2
|
699
|
January 30, 2024
|
|
Announcement: 2FA now required for PyPI
|
|
13
|
1313
|
January 5, 2024
|
|
Announcement: 2FA Requirement for PyPI 2024-01-01
|
|
0
|
2937
|
December 11, 2023
|
|
`ssl`: changing the default `SSLContext.verify_flags`?
|
|
16
|
3582
|
November 28, 2023
|
|
How to word a warning about security uses in `urllib.parse` docs
|
|
15
|
1700
|
May 3, 2023
|
|
Using SourceRank score to warn or limit packages
|
|
17
|
1425
|
April 30, 2023
|
|
Sprint recording: Dustin Ingram on Open Source Security for CPython
|
|
4
|
554
|
October 20, 2023
|