We are jazzed to announce the release of: yaql 3.0.0: YAQL - Yet Another Query Language The source is available from: https://opendev.org/openstack/yaql Download the package from: https://pypi.org/project/yaql For more details, please see below. 3.0.0 ^^^^^ Upgrade Notes ************* * The format YAQL function has been removed, because of its vulnability. See the security section to find more details. Security Issues *************** * https://bugs.launchpad.net/murano/+bug/2048114 (https://bugs.launchpad.net/murano/+bug/2048114): The format YAQL function has been removed, because it allowed too arbitrary data access which results in data leak. Users can replace the format function by "+" operator and "str" YAQL function. Changes in yaql 2.0.1..3.0.0 ---------------------------- aa855fc Restore Python 3.6/7 support 83e2832 Remove format function 2a159b8 Publish release notes d52f0e5 Bump hacking 6cbb3da Remove shebang from setup.py 14794a3 Drop direct execution of run.py b64b7db Update python classifier in setup.cfg Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 1 + .../notes/bug-2048114-0968eea052838381.yaml | 12 ++++++++ releasenotes/source/conf.py | 4 +-- releasenotes/source/index.rst | 2 -- releasenotes/source/liberty.rst | 6 ---- releasenotes/source/mitaka.rst | 6 ---- setup.cfg | 4 +++ setup.py | 1 - test-requirements.txt | 2 +- tox.ini | 1 + yaql/cli/run.py | 7 +---- yaql/standard_library/strings.py | 33 ---------------------- 14 files changed, 26 insertions(+), 64 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index 7d92711..fdc78c8 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1 +1 @@ -hacking>=3.0.1,<3.1.0 # Apache-2.0 +hacking>=6.1.0,<6.2.0 # Apache-2.0