)]}'
{
  "commit": "57e88c1cf95e1481b94ae57abe1010469d47a6b4",
  "tree": "0344e27e14e7586c00756b0984291b4c33440eda",
  "parents": [
    "77632f085d0cec29c7576b8528849276109801a1"
  ],
  "author": {
    "name": "Stan Ulbrych",
    "email": "89152624+StanFromIreland@users.noreply.github.com",
    "time": "Mon Mar 16 13:43:43 2026"
  },
  "committer": {
    "name": "GitHub",
    "email": "noreply@github.com",
    "time": "Mon Mar 16 13:43:43 2026"
  },
  "message": "gh-145599, CVE 2026-3644: Reject control characters in `http.cookies.Morsel.update()` (#145600)\n\nReject control characters in `http.cookies.Morsel.update()` and `http.cookies.BaseCookie.js_output`.\n\nCo-authored-by: Victor Stinner \u003cvstinner@python.org\u003e\nCo-authored-by: Victor Stinner \u003cvictor.stinner@gmail.com\u003e",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "917280037d4dbbf1878607fd2e5dc927c9230d5e",
      "old_mode": 33188,
      "old_path": "Lib/http/cookies.py",
      "new_id": "769541116993c4625ae2ca1acfd784157753152e",
      "new_mode": 33188,
      "new_path": "Lib/http/cookies.py"
    },
    {
      "type": "modify",
      "old_id": "7d072d5fd67ca70bb4d754611f9ed5eb5a20649b",
      "old_mode": 33188,
      "old_path": "Lib/test/test_http_cookies.py",
      "new_id": "e2c7551c0b334165f09073fff3608fa02c75c26b",
      "new_mode": 33188,
      "new_path": "Lib/test/test_http_cookies.py"
    },
    {
      "type": "add",
      "old_id": "0000000000000000000000000000000000000000",
      "old_mode": 0,
      "old_path": "/dev/null",
      "new_id": "e53a932d12fcdc4bb71864b1939ac190fa5e1896",
      "new_mode": 33188,
      "new_path": "Misc/NEWS.d/next/Security/2026-03-06-17-03-38.gh-issue-145599.kchwZV.rst"
    }
  ]
}