diff options
| author | Jason R. Coombs <jaraco@jaraco.com> | 2019-01-27 13:13:57 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-01-27 13:13:57 -0500 |
| commit | 0425790c7d2d60ebd0e576796d07288a43fcaf0c (patch) | |
| tree | 41c3e4caeb4d3e452bbadcf771a3056ab9f561c1 /changelog.d | |
| parent | 97e8ad4f5ff7793729e9c8be38e0901e3ad8d09e (diff) | |
| parent | 6636302f735d94fe91b83469f1610e4112a91838 (diff) | |
| download | external_python_setuptools-0425790c7d2d60ebd0e576796d07288a43fcaf0c.tar.gz external_python_setuptools-0425790c7d2d60ebd0e576796d07288a43fcaf0c.tar.bz2 external_python_setuptools-0425790c7d2d60ebd0e576796d07288a43fcaf0c.zip | |
Merge pull request #1640 from pypa/bugfix/1635-disallow-parent-paths
Disallow parent path traversal in resource paths, part 1 (deprecation)
Diffstat (limited to 'changelog.d')
| -rw-r--r-- | changelog.d/1635.change.rst | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/changelog.d/1635.change.rst b/changelog.d/1635.change.rst new file mode 100644 index 00000000..d23f3fe3 --- /dev/null +++ b/changelog.d/1635.change.rst @@ -0,0 +1 @@ +Resource paths are passed to ``pkg_resources.resource_string`` and similar no longer accept paths that traverse parents, that begin with a leading ``/``. Violations of this expectation raise DeprecationWarnings and will become errors. Additionally, any paths that are absolute on Windows are strictly disallowed and will raise ValueErrors. |