Hi,

Jinja 2.7.2 was just released and includes a fix for a security problem with the file system bytecode cache. The default location for the filesystem on Linux systems used to be not user-specific and as such allowed attackers on the same system to place files there that Jinja2 would then import.

The solution for this has been the introduction of a directory for that particular user; however, the correct solution is to not place the bytecode cache in the global temporary folder at all and use an explicit path instead.

For 2.8 I will look at better options to solve this issue.

https://pypi.python.org/pypi/Jinja2/2.7.2


Regards,
Armin
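
One way to follow the explicit-path advice above on POSIX systems, as an added example that is not from the original message or the Jinja2 project: create an owner-only cache directory, validate it, and pass it to `FileSystemBytecodeCache`. The helper name `private_cache_dir` and the path `~/.myapp-jinja2-cache` are assumptions for illustration.

```python
import os
import stat


def private_cache_dir(path):
    """Create or validate an owner-only directory for the bytecode cache.

    Hypothetical helper (not part of Jinja2). POSIX only: uses os.geteuid().
    The parent directory must already exist.
    """
    try:
        os.mkdir(path, 0o700)  # umask can only remove bits, never add them
    except FileExistsError:
        pass  # already there: it still has to pass the checks below

    # lstat() does not follow symlinks, so a link planted by another
    # local user is rejected instead of being trusted as a directory.
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode):
        raise RuntimeError(f"{path} is not a real directory")
    if st.st_uid != os.geteuid():
        raise RuntimeError(f"{path} is owned by uid {st.st_uid}, not by us")
    if st.st_mode & 0o077:
        raise RuntimeError(f"{path} is accessible to group or other users")
    return path


if __name__ == "__main__":
    from jinja2 import DictLoader, Environment, FileSystemBytecodeCache

    # Assumed application path under the user's home, not the shared /tmp.
    cache_dir = private_cache_dir(
        os.path.join(os.path.expanduser("~"), ".myapp-jinja2-cache")
    )
    env = Environment(
        loader=DictLoader({"hello.txt": "Hello {{ name }}"}),  # constructed sample
        bytecode_cache=FileSystemBytecodeCache(cache_dir),
    )
    print(env.get_template("hello.txt").render(name="world"))
```
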
