Request 1089053: Submit python-sqlparse - openSUSE Build Service

Overview

Request 1089053 accepted

- Update to 0.4.4:
* IMPORTANT: This release fixes a security vulnerability in
the parser where a regular expression vulnerable to ReDOS
(Regular Expression Denial of Service) was used. See the
security advisory for details (CVE-2023-30608, bsc#1210617,
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2)
The vulnerability was discovered by @erik-krogh from GitHub
Security Lab (GHSL). Thanks for reporting!
* Revert a change from 0.4.0 that changed IN to be a comparison
(issue694). The primary expectation is that IN is treated as
a keyword and not as a comparison operator. That also follows
the definition of reserved keywords for the major SQL syntax
definitions.
* Fix regular expressions for string parsing.
* sqlparse now uses pyproject.toml instead of setup.cfg
(issue685).

Created by mcepl 12 months ago
In state accepted

Submit python-sqlparse

Comments for request 1089053 0

Login required, please login in order to comment

Request History

mcepl created request 12 months ago

- Update to 0.4.4:
* IMPORTANT: This release fixes a security vulnerability in
the parser where a regular expression vulnerable to ReDOS
(Regular Expression Denial of Service) was used. See the
security advisory for details (CVE-2023-30608, bsc#1210617,
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2)
The vulnerability was discovered by @erik-krogh from GitHub
Security Lab (GHSL). Thanks for reporting!
* Revert a change from 0.4.0 that changed IN to be a comparison
(issue694). The primary expectation is that IN is treated as
a keyword and not as a comparison operator. That also follows
the definition of reserved keywords for the major SQL syntax
definitions.
* Fix regular expressions for string parsing.
* sqlparse now uses pyproject.toml instead of setup.cfg
(issue685).

factory-auto added opensuse-review-team as a reviewer 12 months ago

Please review sources

factory-auto accepted review 12 months ago

Check script succeeded

licensedigger accepted review 12 months ago

ok

anag+factory set openSUSE:Factory:Staging:G as a staging project 12 months ago

Being evaluated by staging project "openSUSE:Factory:Staging:G"

anag+factory accepted review 12 months ago

Picked "openSUSE:Factory:Staging:G"

jengelh accepted review 12 months ago

dimstar_suse accepted review 12 months ago

Staging Project openSUSE:Factory:Staging:G got accepted.

dimstar_suse approved review 12 months ago

Staging Project openSUSE:Factory:Staging:G got accepted.

dimstar_suse accepted request 12 months ago

Staging Project openSUSE:Factory:Staging:G got accepted.

openSUSE Build Service is sponsored by