[Checkins] [zopefoundation/RestrictedPython] 6ab9e1: Security issue: Ship with a default implementation...
GitHub
noreply at github.com
Fri Sep 15 11:00:00 CEST 2017
Branch: refs/heads/utilities-tests
Home: https://github.com/zopefoundation/RestrictedPython
Commit: 6ab9e10f39f6008eea68aaf1933d7ce4c92e1893
https://github.com/zopefoundation/RestrictedPython/commit/6ab9e10f39f6008eea68aaf1933d7ce4c92e1893
Author: Michael Howitz <mh at gocept.com>
Date: 2017-09-15 (Fri, 15 Sep 2017)
Changed paths:
M docs/CHANGES.rst
M src/RestrictedPython/Guards.py
M src/RestrictedPython/README.rst
M src/RestrictedPython/_compat.py
M tests/test_Guards.py
Log Message:
-----------
Security issue: Ship with a default implementation for _getattr_ (#83)
* Security issue: Ships with a default implementation for ``_getattr_``
It prevents the use of the ``format()`` method on str/unicode as it is not
safe, see: http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
Commit: 7aceb8c987e817119ff4c532ea1bb7bbf2a2f1b0
https://github.com/zopefoundation/RestrictedPython/commit/7aceb8c987e817119ff4c532ea1bb7bbf2a2f1b0
Author: Daniel Havlik <dh at gocept.com>
Date: 2017-09-15 (Fri, 15 Sep 2017)
Changed paths:
M docs/CHANGES.rst
M src/RestrictedPython/Guards.py
M src/RestrictedPython/README.rst
M src/RestrictedPython/_compat.py
M tests/test_Guards.py
Log Message:
-----------
Merge branch 'master' into utilities-tests
Compare: https://github.com/zopefoundation/RestrictedPython/compare/69fdc2e062af...7aceb8c987e8