Paste 1.7.4 is released. The only real change is to paste.httpexceptions,
which was using insecure quoting of some parameters and allowed an XSS hole,
most specifically with its 404 messages. The most notably WSGI application
using this is paste.urlparse.StaticURLParser and PkgResourcesParser.
On 6/24/10 09:07 , Ian Bicking wrote:
I believe the changes to 1.7.4 are limited and upgrading will have a low
impact.
Is there a changelog somewhere? The paste website still lists 1.7.3 as
the last release and the pypi page has no changelog information.
If I look at