From b07acd79927f891466e331f818712d6e1e76714d Mon Sep 17 00:00:00 2001 From: "Gregory P. Smith [Google LLC]" Date: Tue, 16 Mar 2021 03:54:44 +0000 Subject: [PATCH] bpo-43285: Whats New entry for 3.8.9. --- Doc/whatsnew/3.8.rst | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/Doc/whatsnew/3.8.rst b/Doc/whatsnew/3.8.rst index ce386c0556cc23..4fc5c5ac84ec6b 100644 --- a/Doc/whatsnew/3.8.rst +++ b/Doc/whatsnew/3.8.rst @@ -2254,3 +2254,12 @@ The constant values of future flags in the :mod:`__future__` module are updated in order to prevent collision with compiler flags. Previously ``PyCF_ALLOW_TOP_LEVEL_AWAIT`` was clashing with ``CO_FUTURE_DIVISION``. (Contributed by Batuhan Taskaya in :issue:`39562`) + +Notable changes in Python 3.8.9 +=============================== + +A security fix alters the :class:`ftplib.FTP` behavior to not trust the +IPv4 address sent from the remote server when setting up a passive data +channel. We reuse the ftp servers IP address instead. For unusual code +requiring the old behavior, set a ``trust_server_pasv_ipv4_address`` +attribute on your FTP instance to ``True``. (See :issue:`43285`)