python/python-Jinja2
SHA256
15
0
Fork 0
forked from pool/python-Jinja2
Code Pull Requests Activity

- update to 3.1.4 (bsc#1223980, CVE-2024-34064):

Browse Source 
* The xmlattr filter does not allow keys with / solidus, >
    greater-than sign, or = equals sign, in addition to disallowing
    spaces. Regardless of any validation done by Jinja, user input
    should never be used as keys to this filter, or must be separately
    validated first.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Jinja2?expand=0&rev=110
This commit is contained in:
Dirk Mueller
2024-05-06 18:11:54 +00:00
committed by Git OBS Bridge
parent b48e3e3f2d
commit 3e785a3c5f
4 changed files with 24 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
python-Jinja2.changes
View File

@@ -1,3 +1,13 @@
-------------------------------------------------------------------
Mon May 6 18:10:40 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 3.1.4 (bsc#1223980, CVE-2024-34064):
* The xmlattr filter does not allow keys with / solidus, >
greater-than sign, or = equals sign, in addition to disallowing
spaces. Regardless of any validation done by Jinja, user input
should never be used as keys to this filter, or must be separately
validated first.
-------------------------------------------------------------------
Mon Jan 29 10:10:29 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>