5.4.0b2 release

Ingy döt Net 2021-01-14 16:30:55 -05:00
parent a60f7a19c0
commit 539928ea80
6 changed files with 42 additions and 17 deletions

CHANGES

@ -4,6 +4,18 @@ For a complete changelog, see:
* https://github.com/yaml/pyyaml/commits/
* https://bitbucket.org/xi/pyyaml/commits/
5.4b2 (2021-01-14)
* Update Copyright year to 2021
5.4b1 (2021-01-13)
* https://github.com/yaml/pyyaml/pull/407 -- build modernization, remove distutils, fix metadata, build wheels, CI to GHA
* https://github.com/yaml/pyyaml/pull/472 -- fix for CVE-2020-14343, moves arbitrary python tags to UnsafeLoader
* https://github.com/yaml/pyyaml/pull/441 -- fix memory leak in implicit resolver setup
* https://github.com/yaml/pyyaml/pull/392 -- fix py2 copy support for timezone objects
* https://github.com/yaml/pyyaml/pull/378 -- fix compatibility with Jython
5.3.1 (2020-03-18)
* https://github.com/yaml/pyyaml/pull/386 -- Prevents arbitrary code execution during python/object/new constructor
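
Review bot: The 5.4b1 entry for pull/472 says only "moves arbitrary python tags to UnsafeLoader", which does not tell someone scanning CHANGES that FullLoader behaviour changes. Suggest naming the tags the way the announcement in this commit does (python/module, python/object, python/object/new) and stating that documents using them no longer load with FullLoader, so the entry is usable on its own as an upgrade note.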

@ -1,4 +1,4 @@
Copyright (c) 2017-2020 Ingy döt Net
Copyright (c) 2017-2021 Ingy döt Net
Copyright (c) 2006-2016 Kirill Simonov
Permission is hereby granted, free of charge, to any person obtaining a copy of

@ -1,25 +1,37 @@
From: Tina Müller <post@tinita.de>
From: Ingy döt Net <ingy@ingy.net>
To: python-list@python.org, python-announce@python.org, yaml-core@lists.sourceforge.net
Subject: [ANN] PyYAML-5.3.1: YAML parser and emitter for Python
Subject: [ANN] PyYAML-5.4b2: Linux and Mac users, please test!
=======================
Announcing PyYAML-5.3.1
Announcing PyYAML-5.4b2
=======================
A new release of PyYAML is now available:
https://pypi.org/project/PyYAML/
A beta release of PyYAML is now available:
https://github.com/yaml/pyyaml/releases/tag/5.4b2
This release contains a security fix for CVE-2020-1747. FullLoader was still
exploitable for arbitrary command execution.
https://bugzilla.redhat.com/show_bug.cgi?id=1807367
This release contains a security fix for CVE-2020-14343. It removes the
python/module, python/object, and python/object/new tags from the FullLoader.
YAML that uses these tags must be loaded by UnsafeLoader, or a custom loader
that has explicitly enabled them.
This beta release also adds Python wheels for manylinux1 (x86_64) and
MacOS (x86_64) with the libyaml extension included (built on libyaml 0.2.5).
We believe these wheels to be stable, but please take the opportunity to test
against your local Linux and MacOS environments, and file any issues at
https://github.com/yaml/pyyaml/issues.
PyYAML 5.4 will be the last release to support Python 2.7.
Thanks to Riccardo Schirone (https://github.com/ret2libc) for both reporting
this and providing the fixes to resolve it.
Changes
=======
* https://github.com/yaml/pyyaml/pull/386 -- Prevents arbitrary code execution during python/object/new constructor
* Update Copyright year to 2021
* https://github.com/yaml/pyyaml/pull/407 -- build modernization, remove distutils, fix metadata, build wheels, CI to GHA
* https://github.com/yaml/pyyaml/pull/472 -- fix for CVE-2020-14343, moves arbitrary python tags to UnsafeLoader
* https://github.com/yaml/pyyaml/pull/441 -- fix memory leak in implicit resolver setup
* https://github.com/yaml/pyyaml/pull/392 -- fix py2 copy support for timezone objects
* https://github.com/yaml/pyyaml/pull/378 -- fix compatibility with Jython
Resources
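
Review bot: In the CVE-2020-14343 paragraph, the sentence "YAML that uses these tags must be loaded by UnsafeLoader, or a custom loader that has explicitly enabled them" reads as a migration instruction but does not say that those loaders are only appropriate for input from a trusted source. Suggest adding that qualifier to the sentence, and giving a reference link for CVE-2020-14343 in the same way the CVE-2020-1747 text links its Bugzilla entry, so readers can check whether they are affected before switching loaders.
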
@ -55,6 +67,7 @@ files to object serialization and persistence.
Example
=======
```
>>> import yaml
>>> yaml.full_load("""
@ -72,7 +85,7 @@ name: PyYAML
homepage: https://github.com/yaml/pyyaml
description: YAML parser and emitter for Python
keywords: [YAML, serialization, configuration, persistence, pickle]
```
Maintainers
===========
@ -89,7 +102,7 @@ See: https://github.com/yaml/pyyaml/pulls
Copyright
=========
Copyright (c) 2017-2020 Ingy döt Net <ingy@ingy.net>
Copyright (c) 2017-2021 Ingy döt Net <ingy@ingy.net>
Copyright (c) 2006-2016 Kirill Simonov <xi@resolvent.net>
The PyYAML module was written by Kirill Simonov <xi@resolvent.net>.

@ -8,7 +8,7 @@ from nodes import *
from loader import *
from dumper import *
__version__ = '5.4.0a0'
__version__ = '5.4b2'
try:
from cyaml import *
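
Review bot: The `__version__` line goes from '5.4.0a0' to '5.4b2', dropping the micro component, while the commit title calls the release 5.4.0b2. The two spellings compare equal under PEP 440, but anything that matches the raw string (a tag lookup, a pin, a changelog grep) will see different values. Suggest settling on one form and using it in the commit title as well as in `__version__`, the CHANGES heading and the release tag.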

@ -8,7 +8,7 @@ from .nodes import *
from .loader import *
from .dumper import *
__version__ = '5.4.0a0'
__version__ = '5.4b2'
try:
from .cyaml import *
__with_libyaml__ = True

@ -1,6 +1,6 @@
NAME = 'PyYAML'
VERSION = '5.4.0a0'
VERSION = '5.4b2'
DESCRIPTION = "YAML parser and emitter for Python"
LONG_DESCRIPTION = """\
YAML is a data serialization format designed for human readability
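
Review bot: `VERSION = '5.4b2'` is the third hand-edited copy of the version literal in this commit, after the two `__version__` assignments, and nothing visible here checks that the three agree. Consider deriving `VERSION` from the package's `__version__`, or adding a release-time check that fails when the values differ, so a missed edit cannot ship a package whose metadata and runtime version disagree.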