colander 1.7.0 has been released. This release addresses a CVE in the colander.url validator which could trigger a DDOS so upgrading is recommended. https://nvd.nist.gov/vuln/detail/CVE-2017-18361
The full changelog is here: https://docs.pylonsproject.org/projects/colander/en/latest/#change-history Documentation: https://docs.pylonsproject.org/projects/colander/en/latest/ You can install it via PyPI: pip install colander==1.7.0 Enjoy, and please report any issues you find to the issue tracker at https://github.com/Pylons/colander/issues Thanks! - colander core developers -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To post to this group, send email to pylons-discuss@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/CAKdhhwGbBdnRu%2BM%3DNAh-e8RhZmbf-KNmB%2BjD7jv54ErcLJ320g%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
