Opened 5 years ago

Closed 5 years ago

#31234 closed Bug (wontfix)

Increase entropy for 1.11's make_msgid() randint component

Reported by: Brad Owned by: nobody
Component: Core (Mail) Version: 1.11
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Django 1.11 copies CPython's make_msgid (https://github.com/django/django/blob/stable/1.11.x/django/core/mail/message.py)

However, it is missing a recent change that increases the number of bits used in the random integer part of the identifier to avoid a hash collision.

Ref:

The 1.11 implementation of make_msgid() could be updated to reflect this upstream change.

Note that this does not affect Django 2.x or 3.x because they use email.utils directly.

Change History (2)

comment:2 by Nick Pope, 5 years ago

Resolution: wontfix
Status: newclosed

Django 1.11 is only receiving fixes for security issues and data loss bugs. It will also be end-of-life in April 2020.

Please see the documentation regarding supported versions.

As of version 2.0, Django makes use of make_msgid() from the standard library (9e917cc29181ad32abc21488ee70e739ce805f3a).

Note: See TracTickets for help on using tickets.
Back to Top