From: Ned Deily Date: Sat, 8 Jul 2017 04:49:40 +0000 (-0400) Subject: Update for post-3.6.2rc2 X-Git-Tag: v3.6.3rc1~252 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=03e0df66b8ce0a8d980eb2092b7c6464d26db14e;p=python Update for post-3.6.2rc2 --- diff --git a/Include/patchlevel.h b/Include/patchlevel.h index b4996d55ec..0c82f5c0db 100644 --- a/Include/patchlevel.h +++ b/Include/patchlevel.h @@ -20,10 +20,10 @@ #define PY_MINOR_VERSION 6 #define PY_MICRO_VERSION 2 #define PY_RELEASE_LEVEL PY_RELEASE_LEVEL_GAMMA -#define PY_RELEASE_SERIAL 1 +#define PY_RELEASE_SERIAL 2 /* Version as a string */ -#define PY_VERSION "3.6.2rc1+" +#define PY_VERSION "3.6.2rc2+" /*--end constants--*/ /* Version as a single 4-byte hex number, e.g. 0x010502B2 == 1.5.2b2. diff --git a/Misc/NEWS b/Misc/NEWS index 89876f8fa2..3c16a66e6f 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -21,6 +21,21 @@ Library - bpo-30746: Prohibited the '=' character in environment variable names in ``os.putenv()`` and ``os.spawn*()``. +- bpo-29755: Fixed the lgettext() family of functions in the gettext module. + They now always return bytes. + + +What's New in Python 3.6.2 release candidate 2? +=============================================== + +*Release date: 2017-07-07* + +Core and Builtins +----------------- + +Library +------- + - [Security] bpo-30730: Prevent environment variables injection in subprocess on Windows. Prevent passing other environment variables and command arguments. @@ -33,9 +48,6 @@ Library doesn't impact Python, since Python already gets entropy from the OS to set the expat secret using ``XML_SetHashSalt()``. -- bpo-29755: Fixed the lgettext() family of functions in the gettext module. - They now always return bytes. - - [Security] bpo-30500: Fix urllib.parse.splithost() to correctly parse fragments. For example, ``splithost('//127.0.0.1#@evil.com/')`` now correctly returns the ``127.0.0.1`` host, instead of treating ``@evil.com``