From 24579c2a0183ba37a5397efe939fed73844b0959 Mon Sep 17 00:00:00 2001 From: "Gregory P. Smith [Google LLC]" Date: Tue, 16 Mar 2021 03:56:31 +0000 Subject: [PATCH 1/2] bpo-43285: Add a What's New entry for 3.9.3. --- Doc/whatsnew/3.9.rst | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/Doc/whatsnew/3.9.rst b/Doc/whatsnew/3.9.rst index 3086930569dc98..2820e1931a9e06 100644 --- a/Doc/whatsnew/3.9.rst +++ b/Doc/whatsnew/3.9.rst @@ -1529,3 +1529,12 @@ separator key, with ``&`` as the default. This change also affects functions internally. For more details, please see their respective documentation. (Contributed by Adam Goldschmidt, Senthil Kumaran and Ken Jin in :issue:`42967`.) + +Notable changes in Python 3.9.3 +=============================== + +A security fix alters the :class:`ftplib.FTP` behavior to not trust the +IPv4 address sent from the remote server when setting up a passive data +channel. We reuse the ftp servers IP address instead. For unusual code +requiring the old behavior, set a ``trust_server_pasv_ipv4_address`` +attribute on your FTP instance to ``True``. (See :issue:`43285`) From d74aba0c76519da907295e6fa318de15b6575076 Mon Sep 17 00:00:00 2001 From: "Gregory P. Smith" Date: Mon, 15 Mar 2021 21:36:28 -0700 Subject: [PATCH 2/2] typo --- Doc/whatsnew/3.9.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Doc/whatsnew/3.9.rst b/Doc/whatsnew/3.9.rst index 2820e1931a9e06..4cb49406d6b777 100644 --- a/Doc/whatsnew/3.9.rst +++ b/Doc/whatsnew/3.9.rst @@ -1535,6 +1535,6 @@ Notable changes in Python 3.9.3 A security fix alters the :class:`ftplib.FTP` behavior to not trust the IPv4 address sent from the remote server when setting up a passive data -channel. We reuse the ftp servers IP address instead. For unusual code +channel. We reuse the ftp server IP address instead. For unusual code requiring the old behavior, set a ``trust_server_pasv_ipv4_address`` attribute on your FTP instance to ``True``. (See :issue:`43285`)