[Django] #37053: Add validate=True to base64.b64decode() calls
3 views
Skip to first unread message
Django
Apr 20, 2026, 8:05:49 AM (11 days ago) Apr 20
to django-...@googlegroups.com
#37053: Add validate=True to base64.b64decode() calls
-------------------------------------+-------------------------------------
Reporter: Sarah | Owner: Sarah Boyce
Boyce |
Type: | Status: assigned
Cleanup/optimization |
Component: Core | Version: dev
(Other) |
Severity: Normal | Keywords:
Triage Stage: | Has patch: 0
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Following the recent Python CVE
https://www.cve.org/CVERecord?id=CVE-2026-3446, the security team agreed
there is no reason (to our knowledge) we shouldn't be using
`validate=True` in our `base64.b64decode()` calls.
--
Ticket URL: <https://code.djangoproject.com/ticket/37053>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
-------------------------------------+-------------------------------------
Reporter: Sarah | Owner: Sarah Boyce
Boyce |
Type: | Status: assigned
Cleanup/optimization |
Component: Core | Version: dev
(Other) |
Severity: Normal | Keywords:
Triage Stage: | Has patch: 0
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Following the recent Python CVE
https://www.cve.org/CVERecord?id=CVE-2026-3446, the security team agreed
there is no reason (to our knowledge) we shouldn't be using
`validate=True` in our `base64.b64decode()` calls.
--
Ticket URL: <https://code.djangoproject.com/ticket/37053>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Apr 20, 2026, 8:09:13 AM (11 days ago) Apr 20
to django-...@googlegroups.com
#37053: Add validate=True to base64.b64decode() calls
-------------------------------------+-------------------------------------
Reporter: Sarah Boyce | Owner: Sarah
-------------------------------------+-------------------------------------
Type: | Boyce
Cleanup/optimization | Status: assigned
Component: Core (Other) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage:
| Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Sarah Boyce):
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* has_patch: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/37053#comment:1>
Django
Apr 20, 2026, 12:53:34 PM (10 days ago) Apr 20
to django-...@googlegroups.com
#37053: Add validate=True to base64.b64decode() calls
-------------------------------------+-------------------------------------
Reporter: Sarah Boyce | Owner: Sarah
Type: | Boyce
Cleanup/optimization | Status: assigned
Component: Core (Other) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
-------------------------------------+-------------------------------------
Reporter: Sarah Boyce | Owner: Sarah
Type: | Boyce
Cleanup/optimization | Status: assigned
Component: Core (Other) | Version: dev
Severity: Normal | Resolution:
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Natalia Bidart):
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* stage: Unreviewed => Accepted
Comment:
Thank you!
--
Ticket URL: <https://code.djangoproject.com/ticket/37053#comment:2>
Django
Apr 29, 2026, 5:26:45 PM (yesterday) Apr 29
to django-...@googlegroups.com
#37053: Add validate=True to base64.b64decode() calls
-------------------------------------+-------------------------------------
Reporter: Sarah Boyce | Owner: Sarah
Type: | Boyce
Cleanup/optimization | Status: assigned
Component: Core (Other) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
-------------------------------------+-------------------------------------
Reporter: Sarah Boyce | Owner: Sarah
Type: | Boyce
Cleanup/optimization | Status: assigned
Component: Core (Other) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Jacob Walls):
-------------------------------------+-------------------------------------
* needs_better_patch: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/37053#comment:3>
Django
3:18 PM (6 hours ago) 3:18 PM
to django-...@googlegroups.com
#37053: Add validate=True to base64.b64decode() calls
-------------------------------------+-------------------------------------
Reporter: Sarah Boyce | Owner: Sarah
Type: | Boyce
Cleanup/optimization | Status: assigned
Component: Core (Other) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
-------------------------------------+-------------------------------------
Reporter: Sarah Boyce | Owner: Sarah
Type: | Boyce
Cleanup/optimization | Status: assigned
Component: Core (Other) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Sarah Boyce):
-------------------------------------+-------------------------------------
* needs_better_patch: 1 => 0
--
Ticket URL: <https://code.djangoproject.com/ticket/37053#comment:4>
Reply all
Reply to author
Forward
0 new messages