Skip to content

gh-144125: email: verify headers are sound in BytesGenerator #144126

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
sethmlarson merged 3 commits into from
Jan 23, 2026
Merged

gh-144125: email: verify headers are sound in BytesGenerator #144126

sethmlarson merged 3 commits into from
Jan 23, 2026
+23 −3

Conversation

@sethmlarson
Copy link
Contributor

@sethmlarson sethmlarson commented Jan 21, 2026
edited
Loading

GH-122233 added an implementation to Generator to refuse to serialize (write) headers that are unsafely folded or delimited.

This revision adds the same implementation to BytesGenerator, so it gets the same safety protections for unsafely folded or delimited headers

@sethmlarson sethmlarson requested a review from a team as a code owner January 21, 2026 19:15
@sethmlarson sethmlarson added type-security A security issue stdlib Standard Library Python modules in the Lib/ directory topic-email labels Jan 21, 2026
@bedevere-app bedevere-app bot mentioned this pull request Jan 21, 2026
Open
@sethmlarson sethmlarson requested a review from bitdancer January 21, 2026 19:16
@beledouxdenis @encukou
@basbloemsaat @sethmlarson
pythongh-144125: email: verify headers are sound in BytesGenerator
1132e45 
pythonGH-122233 added an implementation to `Generator`
to refuse to serialize (write) headers that
are unsafely folded or delimited.

This revision adds the same implementation
to `BytesGenerator`, so it gets the same safety protections
for unsafely folded or delimited headers

Co-authored-by: Denis Ledoux <5822488+beledouxdenis@users.noreply.github.com>
Co-authored-by: Petr Viktorin <302922+encukou@users.noreply.github.com>
Co-authored-by: Bas Bloemsaat <1586868+basbloemsaat@users.noreply.github.com>
@sethmlarson sethmlarson force-pushed the email-verify-headers-in-bytesgenerator branch from cd41a69 to 1132e45 Compare January 21, 2026 19:17
bitdancer
bitdancer requested changes Jan 21, 2026
View reviewed changes
@bedevere-app
Copy link

bedevere-app bot commented Jan 21, 2026

A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.

Once you have made the requested changes, please leave a comment on this pull request containing the phrase I have made the requested changes; please review again. I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.

And if you don't make the requested changes, you will be poked with soft cushions!

@sethmlarson
Copy link
Contributor Author

sethmlarson commented Jan 22, 2026

@bitdancer I have made the requested changes; please review again

@bedevere-app
Copy link

bedevere-app bot commented Jan 22, 2026

Thanks for making the requested changes!

@bitdancer: please review the changes made to this pull request.

@bedevere-app bedevere-app bot requested a review from bitdancer January 22, 2026 15:18
@sethmlarson sethmlarson merged commit 052e55e into python:main Jan 23, 2026
92 of 100 checks passed
@sethmlarson sethmlarson deleted the email-verify-headers-in-bytesgenerator branch January 23, 2026 14:59
@sethmlarson sethmlarson added needs backport to 3.10 only security fixes needs backport to 3.11 only security fixes needs backport to 3.12 only security fixes needs backport to 3.13 bugs and security fixes labels Jan 23, 2026
@sethmlarson sethmlarson added the needs backport to 3.14 bugs and security fixes label Jan 23, 2026
@miss-islington-app
Copy link

miss-islington-app bot commented Jan 23, 2026

Thanks @sethmlarson for the PR 🌮🎉.. I'm working now to backport this PR to: 3.10.
🐍🍒⛏🤖

@miss-islington-app
Copy link

miss-islington-app bot commented Jan 23, 2026

Thanks @sethmlarson for the PR 🌮🎉.. I'm working now to backport this PR to: 3.13.
🐍🍒⛏🤖

@miss-islington-app
Copy link

miss-islington-app bot commented Jan 23, 2026

Thanks @sethmlarson for the PR 🌮🎉.. I'm working now to backport this PR to: 3.14.
🐍🍒⛏🤖 I'm not a witch! I'm not a witch!

@sethmlarson sethmlarson added needs backport to 3.11 only security fixes needs backport to 3.12 only security fixes and removed needs backport to 3.10 only security fixes needs backport to 3.11 only security fixes needs backport to 3.12 only security fixes needs backport to 3.13 bugs and security fixes needs backport to 3.14 bugs and security fixes labels Jan 23, 2026
@miss-islington-app
Copy link

miss-islington-app bot commented Jan 23, 2026

Thanks @sethmlarson for the PR 🌮🎉.. I'm working now to backport this PR to: 3.12.
🐍🍒⛏🤖

@miss-islington-app
Copy link

miss-islington-app bot commented Jan 23, 2026

Thanks @sethmlarson for the PR 🌮🎉.. I'm working now to backport this PR to: 3.11.
🐍🍒⛏🤖

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bitdancer bitdancer bitdancer approved these changes

Assignees

No one assigned

Labels

needs backport to 3.11 only security fixes needs backport to 3.12 only security fixes stdlib Standard Library Python modules in the Lib/ directory topic-email type-security A security issue

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sethmlarson @bitdancer @beledouxdenis