Overview

Request 765651 accepted

- Replace %fdupes -s with plain %fdupes; hardlinks are better.

- Update to 1.7.0 (2019-02-01), also fixes bsc#1123996 (CVE-2017-18361)
+ The URL validator regex has been updated to no longer be
vulnerable to a catastrophic backtracking that would have led to
an infinite loop.
See https://github.com/Pylons/colander/pull/323
and https://github.com/Pylons/colander/issues/290.
With thanks to Przemek (https://github.com/p-m-k).
+ This does change the behaviour of the URL validator and it no
longer supports file:// URI scheme
(https://tools.ietf.org/html/rfc8089). Users that wish to validate
file:// URI’s should change their validator to use
colander.file_uri instead.
+ It has also dropped support for alternate schemes outside of
http/ftp (and their secure equivalents). Please let us know if we
need to relax this requirement.
+ CVE-ID: CVE-2017-18361
+ The Email validator has been updated to use the same regular
expression that is used by the WhatWG HTML specification, thereby
increasing the email addresses that will validate correctly from
web forms submitted.
See https://github.com/Pylons/colander/pull/324
and https://github.com/Pylons/colander/issues/283
+ Number once again will allow you to serialize None to colander.null,
this reverts an accidental revert.
See https://github.com/Pylons/colander/issues/204#issuecomment-459556100
+ Integer SchemaType now supports an optional strict mode that will
validate that the number is an integer, rather than silently accepting
floats and truncating.


Leap Reviewbot:

openSUSE:Factory/python-colander@177404eadd1a1c16bce4b8f495e5cc22 -> openSUSE:Leap:15.1:Update/python-colander

expected origin is 'openSUSE:Factory' (unchanged)

Request History
mcepl (Matej Cepl) created request


licensedigger accepted review

ok


factory-auto accepted review

Check script succeeded


maintbot accepted review

ok


maintbot approved review

ok


rfrohl (Robert Frohl) moved maintenance target to openSUSE:Maintenance:11823


rfrohl accepted request

accepted request 765651: Thanks!

For information about the update, see https://build.opensuse.org/project/maintenance_incidents/openSUSE:Maintenance
