[Checkins] [zopefoundation/RestrictedPython] 294279: Security issue: Ships with a default implementatio...
GitHub
noreply at github.com
Thu Sep 14 16:46:13 CEST 2017
Branch: refs/heads/fix-format2
Home: https://github.com/zopefoundation/RestrictedPython
Commit: 2942795f0f72708c0a53d0a8d560390ab41f26bf
https://github.com/zopefoundation/RestrictedPython/commit/2942795f0f72708c0a53d0a8d560390ab41f26bf
Author: Michael Howitz <mh at gocept.com>
Date: 2017-09-14 (Thu, 14 Sep 2017)
Changed paths:
M docs/CHANGES.rst
M src/RestrictedPython/Guards.py
M src/RestrictedPython/README.rst
M src/RestrictedPython/_compat.py
M tests/test_Guards.py
Log Message:
-----------
Security issue: Ships with a default implementation for ``_getattr_``
It prevents using the ``format()`` method on str/unicode as it is not
safe, see: http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/