@@ -111,6 +111,14 @@ compatibility with older versions, see the :ref:`call-function-trio` section.
111111 Added the *text * parameter, as a more understandable alias of *universal_newlines *.
112112 Added the *capture_output * parameter.
113113
114+ ..versionchanged ::3.9.17
115+
116+ Changed Windows shell search order for ``shell=True ``. The current
117+ directory and ``%PATH% `` are replaced with ``%COMSPEC% `` and
118+ ``%SystemRoot%\System32\cmd.exe ``. As a result, dropping a
119+ malicious program named ``cmd.exe `` into a current directory no
120+ longer works.
121+
114122..class ::CompletedProcess
115123
116124 The return value from:func: `run `, representing a process that has finished.
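Review bot: In the added ``versionchanged`` text (new lines 117-118), "are replaced with ``%COMSPEC%`` and ``%SystemRoot%\System32\cmd.exe``" does not say which of the two is consulted first or when the second one is used. Suggest spelling out the order, for example that ``%COMSPEC%`` is used when set and the ``System32`` path is the fallback, if that is what the code does.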
@@ -468,6 +476,14 @@ functions.
468476 *executable * parameter accepts a bytes and:term: `path-like object `
469477 on Windows.
470478
479+ ..versionchanged ::3.9.17
480+
481+ Changed Windows shell search order for ``shell=True ``. The current
482+ directory and ``%PATH% `` are replaced with ``%COMSPEC% `` and
483+ ``%SystemRoot%\System32\cmd.exe ``. As a result, dropping a
484+ malicious program named ``cmd.exe `` into a current directory no
485+ longer works.
486+
471487 *stdin *, *stdout * and *stderr * specify the executed program's standard input,
472488 standard output and standard error file handles, respectively. Valid values
473489 are:data: `PIPE `,:data: `DEVNULL `, an existing file descriptor (a positive
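Review bot: The closing sentence of this note (new lines 483-485), "dropping a malicious program named ``cmd.exe`` into a current directory no longer works", is phrased from the attacker's side, and "a current directory" should read "the current directory". Suggest describing the new behaviour instead, for example "a ``cmd.exe`` located in the current directory is no longer picked up as the shell". Because the note directly follows the *executable* change notes, a clause on whether an explicitly passed *executable* is affected would also help.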
@@ -1126,6 +1142,14 @@ calls these functions.
11261142 ..versionchanged ::3.3
11271143 *timeout * was added.
11281144
1145+ ..versionchanged ::3.9.17
1146+
1147+ Changed Windows shell search order for ``shell=True ``. The current
1148+ directory and ``%PATH% `` are replaced with ``%COMSPEC% `` and
1149+ ``%SystemRoot%\System32\cmd.exe ``. As a result, dropping a
1150+ malicious program named ``cmd.exe `` into a current directory no
1151+ longer works.
1152+
11291153..function ::check_call(args, *, stdin=None, stdout=None, stderr=None, \
11301154 shell=False, cwd=None, timeout=None, \
11311155 **other_popen_kwargs)
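Review bot: The paragraph at new lines 1145-1151 is a verbatim copy of the one added in the other four hunks of this file, so any later wording fix has to be made in five places. Suggest keeping the full explanation once and having the per-function notes point to it with a ``:ref:``, the way the surrounding text already refers to ``call-function-trio``.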
@@ -1158,6 +1182,14 @@ calls these functions.
11581182 ..versionchanged ::3.3
11591183 *timeout * was added.
11601184
1185+ ..versionchanged ::3.9.17
1186+
1187+ Changed Windows shell search order for ``shell=True ``. The current
1188+ directory and ``%PATH% `` are replaced with ``%COMSPEC% `` and
1189+ ``%SystemRoot%\System32\cmd.exe ``. As a result, dropping a
1190+ malicious program named ``cmd.exe `` into a current directory no
1191+ longer works.
1192+
11611193
11621194..function ::check_output(args, *, stdin=None, stderr=None, shell=False, \
11631195 cwd=None, encoding=None, errors=None, \
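Review bot: The note at new lines 1185-1191 does not say what happens when neither ``%COMSPEC%`` nor ``%SystemRoot%`` yields a usable path, for example when the variables are unset. Suggest documenting the resulting behaviour (which exception is raised, if any), since callers that relied on the old ``%PATH%`` lookup will otherwise hit an unexplained failure.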
@@ -1213,6 +1245,14 @@ calls these functions.
12131245 ..versionadded ::3.7
12141246 *text * was added as a more readable alias for *universal_newlines *.
12151247
1248+ ..versionchanged ::3.9.17
1249+
1250+ Changed Windows shell search order for ``shell=True ``. The current
1251+ directory and ``%PATH% `` are replaced with ``%COMSPEC% `` and
1252+ ``%SystemRoot%\System32\cmd.exe ``. As a result, dropping a
1253+ malicious program named ``cmd.exe `` into a current directory no
1254+ longer works.
1255+
12161256
12171257.. _subprocess-replacements :
12181258
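Review bot: ``versionchanged:: 3.9.17`` at new line 1248 names a micro release of a single branch, so this text cannot be carried to other maintenance branches unchanged. Suggest confirming which release of each branch ships the change and adjusting the number per branch, or listing the applicable versions in one place.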