Hello all, I have just released WebOb 1.8.8 which fixes an open redirect when it normalizes the location header in the Response object when the response type is a redirect.
This affects Pyramid when used with the append_slash_notfound_view, and any use of WebOb that has a Response object receive a location that is not a fully qualified URI with a scheme. See https://pypi.org/project/WebOb/1.8.8/ and https://github.com/Pylons/webob/security/advisories/GHSA-mg3v-6m49-jhp3 Thanks, Delta Regeer -- You received this message because you are subscribed to the Google Groups "pylons-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-devel/A4116144-AE21-413D-9FB9-C0B7A0A535A3%400x58.com.
