Changelog¶
This project adheres to Semantic Versioning and human-readable changelog.
yaml4rst master - unreleased¶
yaml4rst v0.1.5 - 2017-03-16¶
yaml4rst v0.1.4 - 2017-02-21¶
Security¶
The default
yaml.load
method from PyYAML which is used to validate the input YAML file is unsafe. As a resultyaml4rst
would have executed arbitrary code given in the YAML input file.Refer to the issue Make load safe_load. This has been fixed by switching to
yaml.safe_load
. [ypid]
yaml4rst v0.1.3 - 2017-02-14¶
yaml4rst v0.1.2 - 2016-11-18¶
Fixed¶
- Python packaging which previously included and installed the unit tests as separate “tests” Python package. Now the built distribution release (Wheel) only contains the actual Python package “yaml4rst” without the unit tests. Checkout the source distribution or the git repository for hacking on the project. Thanks very much to ganto for reporting and providing a patch! [ypid]