Add versionchanged to parseaddr, add What's New.

gpshead · gpshead · commit f96a3ff86a6d · 2023-07-10T15:23:09.000-07:00
diff --git a/Doc/library/email.utils.rst b/Doc/library/email.utils.rst
@@ -65,6 +65,11 @@ of the new API.
    *email address* parts.  Returns a tuple of that information, unless the parse
    fails, in which case a 2-tuple of ``('', '')`` is returned.
 
+   .. versionchanged:: 3.12
+      For security reasons, addresses that were ambiguous and could parse into
+      multiple different addresses now cause ``('', '')`` to be returned
+      instead of only one of the *potential* addresses.
+
 
 .. function:: formataddr(pair, charset='utf-8')
 
diff --git a/Doc/whatsnew/3.12.rst b/Doc/whatsnew/3.12.rst
@@ -564,6 +564,14 @@ dis
   :data:`~dis.hasarg` collection instead.
   (Contributed by Irit Katriel in :gh:`94216`.)
 
+email
+-----
+
+* :func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now return
+  ``('', '')`` 2-tuples in more situations where invalid email addresses are
+  encountered instead of potentially inaccurate values.
+  (Contributed by Thomas Dwyer for :gh:`102988` to ameliorate CVE-2023-27043.)
+
 fractions
 ---------
 
