Opened 5 years ago
Closed 5 years ago
#31234 closed Bug (wontfix)
Increase entropy for 1.11's make_msgid() randint component
| Reported by: | Brad | Owned by: | nobody |
|---|---|---|---|
| Component: | Core (Mail) | Version: | 1.11 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Django 1.11 copies CPython's make_msgid (https://github.com/django/django/blob/stable/1.11.x/django/core/mail/message.py)
However, it is missing a recent change that increases the number of bits used in the random integer part of the identifier to avoid a hash collision.
Ref:
- https://bugs.python.org/issue6598
- https://github.com/python/cpython/commit/ae760c0a2ccd5557bfd915c947dfbcd3ed64fd60#diff-9150fb3cb06040b8e09b07aeae5de8c3
- https://hg.python.org/cpython/rev/933addbc7041
The 1.11 implementation of make_msgid() could be updated to reflect this upstream change.
Note that this does not affect Django 2.x or 3.x because they use email.utils directly.
Change History (2)
comment:1 by , 5 years ago
comment:2 by , 5 years ago
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
Django 1.11 is only receiving fixes for security issues and data loss bugs. It will also be end-of-life in April 2020.
Please see the documentation regarding supported versions.
As of version 2.0, Django makes use of make_msgid() from the standard library (9e917cc29181ad32abc21488ee70e739ce805f3a).
PR: https://github.com/django/django/pull/12416