Date: Mon, 09 Jan 2017 19:42:43 +0000 From: bugzilla-noreply@freebsd.org To: python@FreeBSD.org Subject: [Bug 215651] devel/py-Jinja2: Update to 2.8.1 Message-ID: <bug-215651-21822-ahSWk72BS3@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-215651-21822@https.bugs.freebsd.org/bugzilla/> References: <bug-215651-21822@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D215651 Vladimir Krstulja <vlad-fbsd@acheronmedia.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |merge-quarterly? CC| |python@FreeBSD.org Severity|Affects Only Me |Affects Some People Keywords| |needs-qa --- Comment #4 from Vladimir Krstulja <vlad-fbsd@acheronmedia.com> --- Uh, wait. If Jinja2 >=3D 2.9 uses async, then 2.8.1 is still py3 compliant.= We're using 2.8.1 in production with Python 3.5 (pip installed in virtualenv, tho= ', it's one of few packages we haven't yet switched to ports) and there's no problem, at least not to our use case (main HTML/XML renderer for a rather large flask web app). As for update from 2.8 to 2.8.1, I'm adding merge-quarterly request, these = are the changes: (bugfix release, released on December 29th 2016) - Fixed the `for_qs` flag for `urlencode`. - Fixed regression when applying `int` to non-string values. - SECURITY: if the sandbox mode is used format expressions are now sandboxed with the same rules as in Jinja. This solves various information leakage problems that can occur with format strings. * https://github.com/pallets/jinja/blob/master/CHANGES Please revise the change and leave Python3 support for 2.8.1. --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-215651-21822-ahSWk72BS3>