- Update to 0.4.4:

  * IMPORTANT: This release fixes a security vulnerability in
    the parser where a regular expression vulnerable to ReDOS
    (Regular Expression Denial of Service) was used. See the
    security advisory for details (CVE-2023-30608, bsc#1210617,
    https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2)
    The vulnerability was discovered by @erik-krogh from GitHub
    Security Lab (GHSL). Thanks for reporting!
  * Revert a change from 0.4.0 that changed IN to be a comparison
    (issue694). The primary expectation is that IN is treated as
    a keyword and not as a comparison operator. That also follows
    the definition of reserved keywords for the major SQL syntax
    definitions.
  * Fix regular expressions for string parsing.
  * sqlparse now uses pyproject.toml instead of setup.cfg
    (issue685).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-sqlparse?expand=0&rev=29
2023-05-25 16:30:01 +00:00
committed by Git OBS Bridge
parent 2e479a6918
commit 302070b8d2
4 changed files with 33 additions and 11 deletions

@@ -1,3 +1,23 @@
-------------------------------------------------------------------
Thu May 25 16:21:05 UTC 2023 - Matej Cepl <mcepl@suse.com>
- Update to 0.4.4:
* IMPORTANT: This release fixes a security vulnerability in
the parser where a regular expression vulnerable to ReDOS
(Regular Expression Denial of Service) was used. See the
security advisory for details (CVE-2023-30608, bsc#1210617,
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2)
The vulnerability was discovered by @erik-krogh from GitHub
Security Lab (GHSL). Thanks for reporting!
* Revert a change from 0.4.0 that changed IN to be a comparison
(issue694). The primary expectation is that IN is treated as
a keyword and not as a comparison operator. That also follows
the definition of reserved keywords for the major SQL syntax
definitions.
* Fix regular expressions for string parsing.
* sqlparse now uses pyproject.toml instead of setup.cfg
(issue685).
-------------------------------------------------------------------
Mon Oct 3 16:01:20 UTC 2022 - Dirk Müller <dmueller@suse.com>
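Review bot: The "Fix regular expressions for string parsing" item is the only bullet in the new changelog entry without an upstream reference, while the neighbouring items cite issue694 and issue685 and the security item cites CVE-2023-30608 / bsc#1210617 and the GHSA link; add the upstream issue or commit id so the fix can be traced during review, e.g. `* Fix regular expressions for string parsing (issueNNN).` with the real number filled in (NNN is a placeholder here). Also worth saying explicitly in the IN revert item that library consumers will now see IN as a Keyword token rather than a Comparison, since code written against 0.4.0 through 0.4.3 may depend on the old token type.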