5.4.0b2 release
This commit is contained in:
parent
a60f7a19c0
commit
539928ea80
12
CHANGES
12
CHANGES
|
@ -4,6 +4,18 @@ For a complete changelog, see:
|
|||
* https://github.com/yaml/pyyaml/commits/
|
||||
* https://bitbucket.org/xi/pyyaml/commits/
|
||||
|
||||
5.4b2 (2021-01-14)
|
||||
|
||||
* Update Copyright year to 2021
|
||||
|
||||
5.4b1 (2021-01-13)
|
||||
|
||||
* https://github.com/yaml/pyyaml/pull/407 -- build modernization, remove distutils, fix metadata, build wheels, CI to GHA
|
||||
* https://github.com/yaml/pyyaml/pull/472 -- fix for CVE-2020-14343, moves arbitrary python tags to UnsafeLoader
|
||||
* https://github.com/yaml/pyyaml/pull/441 -- fix memory leak in implicit resolver setup
|
||||
* https://github.com/yaml/pyyaml/pull/392 -- fix py2 copy support for timezone objects
|
||||
* https://github.com/yaml/pyyaml/pull/378 -- fix compatibility with Jython
|
||||
|
||||
5.3.1 (2020-03-18)
|
||||
|
||||
* https://github.com/yaml/pyyaml/pull/386 -- Prevents arbitrary code execution during python/object/new constructor
|
||||
|
|
2
LICENSE
2
LICENSE
|
@ -1,4 +1,4 @@
|
|||
Copyright (c) 2017-2020 Ingy döt Net
|
||||
Copyright (c) 2017-2021 Ingy döt Net
|
||||
Copyright (c) 2006-2016 Kirill Simonov
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
||||
|
|
|
@ -1,25 +1,37 @@
|
|||
From: Tina Müller <post@tinita.de>
|
||||
From: Ingy döt Net <ingy@ingy.net>
|
||||
To: python-list@python.org, python-announce@python.org, yaml-core@lists.sourceforge.net
|
||||
Subject: [ANN] PyYAML-5.3.1: YAML parser and emitter for Python
|
||||
Subject: [ANN] PyYAML-5.4b2: Linux and Mac users, please test!
|
||||
|
||||
=======================
|
||||
Announcing PyYAML-5.3.1
|
||||
Announcing PyYAML-5.4b2
|
||||
=======================
|
||||
|
||||
A new release of PyYAML is now available:
|
||||
https://pypi.org/project/PyYAML/
|
||||
A beta release of PyYAML is now available:
|
||||
https://github.com/yaml/pyyaml/releases/tag/5.4b2
|
||||
|
||||
This release contains a security fix for CVE-2020-1747. FullLoader was still
|
||||
exploitable for arbitrary command execution.
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1807367
|
||||
This release contains a security fix for CVE-2020-14343. It removes the
|
||||
python/module, python/object, and python/object/new tags from the FullLoader.
|
||||
YAML that uses these tags must be loaded by UnsafeLoader, or a custom loader
|
||||
that has explicitly enabled them.
|
||||
|
||||
This beta release also adds Python wheels for manylinux1 (x86_64) and
|
||||
MacOS (x86_64) with the libyaml extension included (built on libyaml 0.2.5).
|
||||
We believe these wheels to be stable, but please take the opportunity to test
|
||||
against your local Linux and MacOS environments, and file any issues at
|
||||
https://github.com/yaml/pyyaml/issues.
|
||||
|
||||
PyYAML 5.4 will be the last release to support Python 2.7.
|
||||
|
||||
Thanks to Riccardo Schirone (https://github.com/ret2libc) for both reporting
|
||||
this and providing the fixes to resolve it.
|
||||
|
||||
Changes
|
||||
=======
|
||||
|
||||
* https://github.com/yaml/pyyaml/pull/386 -- Prevents arbitrary code execution during python/object/new constructor
|
||||
* Update Copyright year to 2021
|
||||
* https://github.com/yaml/pyyaml/pull/407 -- build modernization, remove distutils, fix metadata, build wheels, CI to GHA
|
||||
* https://github.com/yaml/pyyaml/pull/472 -- fix for CVE-2020-14343, moves arbitrary python tags to UnsafeLoader
|
||||
* https://github.com/yaml/pyyaml/pull/441 -- fix memory leak in implicit resolver setup
|
||||
* https://github.com/yaml/pyyaml/pull/392 -- fix py2 copy support for timezone objects
|
||||
* https://github.com/yaml/pyyaml/pull/378 -- fix compatibility with Jython
|
||||
|
||||
|
||||
Resources
|
||||
|
@ -55,6 +67,7 @@ files to object serialization and persistence.
|
|||
Example
|
||||
=======
|
||||
|
||||
```
|
||||
>>> import yaml
|
||||
|
||||
>>> yaml.full_load("""
|
||||
|
@ -72,7 +85,7 @@ name: PyYAML
|
|||
homepage: https://github.com/yaml/pyyaml
|
||||
description: YAML parser and emitter for Python
|
||||
keywords: [YAML, serialization, configuration, persistence, pickle]
|
||||
|
||||
```
|
||||
|
||||
Maintainers
|
||||
===========
|
||||
|
@ -89,7 +102,7 @@ See: https://github.com/yaml/pyyaml/pulls
|
|||
Copyright
|
||||
=========
|
||||
|
||||
Copyright (c) 2017-2020 Ingy döt Net <ingy@ingy.net>
|
||||
Copyright (c) 2017-2021 Ingy döt Net <ingy@ingy.net>
|
||||
Copyright (c) 2006-2016 Kirill Simonov <xi@resolvent.net>
|
||||
|
||||
The PyYAML module was written by Kirill Simonov <xi@resolvent.net>.
|
||||
|
|
|
@ -8,7 +8,7 @@ from nodes import *
|
|||
from loader import *
|
||||
from dumper import *
|
||||
|
||||
__version__ = '5.4.0a0'
|
||||
__version__ = '5.4b2'
|
||||
|
||||
try:
|
||||
from cyaml import *
|
||||
|
|
|
@ -8,7 +8,7 @@ from .nodes import *
|
|||
from .loader import *
|
||||
from .dumper import *
|
||||
|
||||
__version__ = '5.4.0a0'
|
||||
__version__ = '5.4b2'
|
||||
try:
|
||||
from .cyaml import *
|
||||
__with_libyaml__ = True
|
||||
|
|
Loading…
Reference in New Issue