Commit a7c782c

Add note on unexpected exceptions to CPython security policy (#1825)
Co-authored-by: Seth Larson <seth@python.org>
1 parent 2e95482 commit a7c782c

1 file changed

Lines changed: 2 additions & 0 deletions

security/policy.rst

@@ -45,6 +45,8 @@ triggerable with data inputs that are reasonably sized for the use case.
4545
Availability vulnerabilities must also demonstrate an "upward" change in posture
4646
for the attacker, rather than a "lateral" one.
4747
This is to avoid handling performance improvements as security vulnerabilities.
48+
Exceptions are an expected part of control flow when processing inputs,
49+
therefore crashes resulting from unhandled exceptions are not security vulnerabilities.
4850

4951
Vulnerabilities in dependencies of Python (such as zlib, Tcl/Tk, or OpenSSL)
5052
are not vulnerabilities in Python unless Python's use of the dependency
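
Review bot: The sentence added at new lines 48-49 uses "crashes" without saying that it means termination by an uncaught Python exception, so it can be read as also covering interpreter crashes that are not exceptions at all. Consider wording such as "program termination caused by an unhandled Python exception" to keep the scope tight. The sentence also joins two independent clauses with a comma before "therefore"; a semicolon or a full stop would read better. Because it is appended directly to the availability paragraph, it would help to state whether the rule applies only to availability reports or to exceptions in general.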
