Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork34k
gh-143923: Reject control characters in POP3 commands#143924
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
gh-143923: Reject control characters in POP3 commands#143924
Conversation
bitdancer commentedJan 16, 2026
Here I have a backward compatibility concern. While the RFC makes it clear that non-printables other than space are not acceptable in commands, I can imagine people using passwords with things like tab and backspace in them, and while that would violate the RFC, it would currentlywork, and this would break that. What do you think? Note that since this is the client side, this is not, IMO, a security issue, it's more of an RFC conformance issue. |
Yhg1s commentedJan 19, 2026
Yeah, I agree. This is fine on main but I'm not sure I'd backport it, even as a bugfix. |
sethmlarson commentedJan 20, 2026
For now we'll hold off on backporting this PR as they are potentially breaking some existing behavior. |
b234a2b intopython:mainUh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.