Read Time:33 Second
FEDORA-2023-6c030b3c71
Packages in this update:
python-fastapi-0.92.0-1.fc39
python-starlette-0.25.0-1.fc39
Update description:
python-starlette 0.25.0
Fixed
Limit the number of fields and files when parsing multipart/form-data on the MultipartParser
python-fastapi 0.92.0
🚨 This is a security fix. Please upgrade as soon as possible.
Upgrades
⬆ Upgrade Starlette to 0.25.0.
This solves a vulnerability that could allow denial of service attacks by using many small multipart fields/files (parts), consuming high CPU and memory.
Only applications using forms (e.g. file uploads) could be affected.
For most cases, upgrading won’t have any breaking changes.