[Checkins] [zopefoundation/RestrictedPython] 6ab9e1: Security issue: Ship with a default implementation...
GitHub
noreply at github.com
Fri Sep 15 10:32:56 CEST 2017
Branch: refs/heads/master
Home: https://github.com/zopefoundation/RestrictedPython
Commit: 6ab9e10f39f6008eea68aaf1933d7ce4c92e1893
https://github.com/zopefoundation/RestrictedPython/commit/6ab9e10f39f6008eea68aaf1933d7ce4c92e1893
Author: Michael Howitz <mh at gocept.com>
Date: 2017-09-15 (Fri, 15 Sep 2017)
Changed paths:
M docs/CHANGES.rst
M src/RestrictedPython/Guards.py
M src/RestrictedPython/README.rst
M src/RestrictedPython/_compat.py
M tests/test_Guards.py
Log Message:
-----------
Security issue: Ship with a default implementation for _getattr_ (#83)
* Security issue: Ships with a default implementation for ``_getattr_``
It prevents using the ``format()`` method on str/unicode as it is not
safe, see: http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
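
Added example, not part of the commit or of RestrictedPython's own code: it shows why an attribute guard used as ``_getattr_`` has to refuse ``format`` on strings, since ``str.format`` resolves attribute lookups in the format string without consulting the guard. ``guarded_getattr``, ``Config`` and the sample value are hypothetical names constructed for illustration.

```python
# Added illustration; guarded_getattr and Config are hypothetical names,
# not taken from RestrictedPython.

class Config:
    """Constructed sample object with a value sandboxed code must not read."""

    def __init__(self):
        self._secret = "s3cr3t-constructed"
        self.title = "public"


def guarded_getattr(obj, name, default=None):
    """Attribute guard: refuse str.format and underscore-prefixed names."""
    if isinstance(obj, str) and name == "format":
        raise NotImplementedError("format() on str is not safe in a sandbox")
    if name.startswith("_"):
        raise AttributeError("%r is a private attribute" % name)
    return getattr(obj, name, default)


def direct_access_blocked(obj):
    """Direct access to a private name goes through the guard and fails."""
    try:
        guarded_getattr(obj, "_secret")
    except AttributeError:
        return True
    return False


def format_bypasses_guard(obj):
    """str.format resolves '{0._secret}' internally, so a guard that only
    filters attribute names is never asked about '_secret'."""
    return "{0._secret}".format(obj)


def format_blocked_by_guard():
    """With 'format' refused, sandboxed code cannot obtain the bound
    format method from a string in the first place."""
    try:
        guarded_getattr("{0._secret}", "format")
    except NotImplementedError:
        return True
    return False
```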