diff options
author | Armin Ronacher <armin.ronacher@active-4.com> | 2016-12-29 14:14:44 +0100 |
---|---|---|
committer | Armin Ronacher <armin.ronacher@active-4.com> | 2016-12-29 14:14:44 +0100 |
commit | 002edca796f4e69e53d0491e5b1319955082ed02 (patch) | |
tree | c5a9530be64ef4cc8eedf1802b7852cd3df539f7 /CHANGES | |
parent | 9b53045c34e61013dc8f09b7e52a555fa16bed16 (diff) | |
download | jinja-002edca796f4e69e53d0491e5b1319955082ed02.tar.gz |
Updated changelog
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 5 |
1 files changed, 4 insertions, 1 deletions
@@ -4,9 +4,12 @@ Jinja2 Changelog Version 2.8.1 ------------- -(unreleased bugfix release) +(bugfix release, released on December 29th 2016) - Fixed the `for_qs` flag for `urlencode`. +- SECURITY: if the sandbox mode is used format expressions are now sandboxed + with the same rules as in Jinja. This solves various information leakage + problems that can occur with format strings. Version 2.8 ----------- |