An incorrect build was distributed by mistake instead of Python 3.5.8

Because of an error in the caching setup of the content delivery system, attempts to download one of the builds of the Python 3.5.8 corrective release, published the day before yesterday, were served a preview build that did not include all of the fixes. The problem affected only the Python-3.5.8.tar.xz archive; the Python-3.5.8.tgz build was distributed correctly.

All users who downloaded the file "Python-3.5.8.tar.xz" in the first 12 hours after the release are advised to check the integrity of the downloaded data against the checksum (MD5 4464517ed6044bca4fc78ea9ed086c36). Unlike the final release, the preview build did not include the fix for vulnerability CVE-2019-16935 in the XML-RPC server code. The vulnerability allowed JavaScript injection (XSS) through the server_title field because angle brackets were not escaped. An attacker could achieve JavaScript injection if the application set the server name based on user input (for example, "server.set_server_name('test) ’)").
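The two checks described above, as an added example that is not part of the original article or the CPython project: compare a downloaded tarball with the MD5 the article quotes, and test whether the running interpreter escapes angle brackets in the XML-RPC documentation page. The marker string and function names are assumptions made for illustration; `DocCGIXMLRPCRequestHandler` is the standard-library class that generates the page without opening a socket.

```python
"""Added example: verify the tarball digest and the XML-RPC title escaping."""
import hashlib
import sys
from xmlrpc.server import DocCGIXMLRPCRequestHandler

# MD5 quoted in the article for Python-3.5.8.tar.xz.
ARTICLE_MD5 = "4464517ed6044bca4fc78ea9ed086c36"
# Constructed, inert marker containing angle brackets (not a real payload).
MARKER = "<gr-marker>"


def md5_matches(path, expected_hex=ARTICLE_MD5, chunk_size=1 << 20):
    """Stream the file through MD5 and compare with the published digest."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest() == expected_hex.strip().lower()


def render_doc_page(value):
    """Render the documentation page with `value` as server title and name."""
    handler = DocCGIXMLRPCRequestHandler()
    handler.set_server_title(value)
    handler.set_server_name(value)
    return handler.generate_html_documentation()


def doc_page_escapes_angle_brackets():
    """True if this interpreter escapes '<' and '>' in the generated page."""
    page = render_doc_page(MARKER)
    # The raw marker must be absent and its escaped form present, so that a
    # page which silently dropped the value is not mistaken for a fixed one.
    return MARKER not in page and "&lt;gr-marker&gt;" in page


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print("tarball matches article MD5:", md5_matches(sys.argv[1]))
    print("doc page escapes angle brackets:", doc_page_escapes_angle_brackets())
```

Run the second check with the interpreter that was built from the downloaded archive; a result of False means the generated page still carries raw angle brackets.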

source: budenet.ru
