As you know, web2py is end of life and we recommend moving to py4web.com.
In any case, we received a report of two minor security vulnerabilities 
from user ggufamin, so we fixed them and released a new web2py 3.2.2 version.

The vulnerabilities are minor and should not have affected anybody:

1) An eval in gluon/contrib/spreadsheet.py. I do not expect anybody to be 
using spreadsheet.py, which was only a proof of concept. I have therefore 
deleted the file in 3.2.2.

2) An eval in gluon/languages.py. This allows execution of arbitrary code in 
a language file if the ast module is missing. If you are using python3 the 
ast module is never missing. Moreover, your users cannot inject code in your 
language files. In any case, the eval() has been removed since we only 
support python 3 now.

Massimo
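
The difference between eval() and a literal-only parser for item 2, as an added example that is not part of the original message and is not web2py's own code. It assumes a language file is a Python dict literal mapping strings to strings; `load_language_text` and the sample file contents are hypothetical and constructed for illustration.

```python
import ast

# Constructed sample inputs in the style of a web2py language file
# (a Python dict literal mapping source strings to translations).
GOOD_FILE = """# -*- coding: utf-8 -*-
{
'!langcode!': 'it',
'Hello': 'Ciao',
'Welcome %s': 'Benvenuto %s',
}
"""

# Same shape, but one value is an expression (a method call), not a literal.
# eval() would execute it; ast.literal_eval() refuses to.
BAD_FILE = """{
'!langcode!': 'it',
'Hello': 'Ciao'.upper(),
}
"""

# A valid literal, but not the str -> str mapping a translation table needs.
WRONG_SHAPE = "{'Hello': ['Ciao', 1]}"


def load_language_text(text):
    """Parse language-file text without executing any code in it.

    Returns (translations, error); exactly one of the two is None.
    load_language_text is a hypothetical helper, not a web2py function.
    """
    try:
        data = ast.literal_eval(text.strip() or "{}")
    except (ValueError, SyntaxError) as exc:
        return None, "not a literal: %s" % exc.__class__.__name__
    if not isinstance(data, dict):
        return None, "top level is not a dict"
    for key, value in data.items():
        if not isinstance(key, str) or not isinstance(value, str):
            return None, "non-string entry for key %r" % (key,)
    return data, None


if __name__ == "__main__":
    for name, text in [("good", GOOD_FILE), ("bad", BAD_FILE), ("shape", WRONG_SHAPE)]:
        print(name, load_language_text(text))
```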
