Date: Mon, 09 Jan 2017 19:42:43 +0000 From: bugzilla-noreply@freebsd.org To: python@FreeBSD.org Subject: [Bug 215651] devel/py-Jinja2: Update to 2.8.1 Message-ID: <bug-215651-21822-ahSWk72BS3@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-215651-21822@https.bugs.freebsd.org/bugzilla/> References: <bug-215651-21822@https.bugs.freebsd.org/bugzilla/>
index | next in thread | previous in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215651 Vladimir Krstulja <vlad-fbsd@acheronmedia.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |merge-quarterly? CC| |python@FreeBSD.org Severity|Affects Only Me |Affects Some People Keywords| |needs-qa --- Comment #4 from Vladimir Krstulja <vlad-fbsd@acheronmedia.com> --- Uh, wait. If Jinja2 >= 2.9 uses async, then 2.8.1 is still py3 compliant. We're using 2.8.1 in production with Python 3.5 (pip installed in virtualenv, tho', it's one of few packages we haven't yet switched to ports) and there's no problem, at least not to our use case (main HTML/XML renderer for a rather large flask web app). As for update from 2.8 to 2.8.1, I'm adding merge-quarterly request, these are the changes: (bugfix release, released on December 29th 2016) - Fixed the `for_qs` flag for `urlencode`. - Fixed regression when applying `int` to non-string values. - SECURITY: if the sandbox mode is used format expressions are now sandboxed with the same rules as in Jinja. This solves various information leakage problems that can occur with format strings. * https://github.com/pallets/jinja/blob/master/CHANGES Please revise the change and leave Python3 support for 2.8.1. -- You are receiving this mail because: You are on the CC list for the bug.help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-215651-21822-ahSWk72BS3>