Restrictedpython

----------------

- Nothing changed yet.

----------------

Backwards incompatible changes
++++++++++++++++++++++++++++++

- Disallow ``try/except*`` clauses due to a possible sandbox escape and
probable uselessness of this feature in the context of ``RestrictedPython``.
In addition, remove ``ExceptionGroup`` from ``safe_builtins`` (as useful only
with ``try/except*``). - This feature was introduced into
``RestrictedPython`` in version 6.0 for Python 3.11+. (CVE-2025-22153)

- Drop support for Python 3.8.

Features
++++++++

- Update setuptools version pin.
(`292 <https://github.com/zopefoundation/RestrictedPython/issues/292>`_)

----------------

- Allow to use the package with Python 3.13.

- Drop support for Python 3.7.

- Provide new function ``RestrictedPython.Guards.safer_getattr_raise``.
It is similar to ``safer_getattr`` but handles its parameter
``default`` like ``getattr``, i.e. it raises ``AttributeError``
if the attribute lookup fails and this parameter is not provided,
fixes `287 <https://github.com/zopefoundation/RestrictedPython/issues/287>`_.

----------------

- Increase the safety level of ``safer_getattr`` allowing applications to use
it as ``getattr`` implementation. Such use should now follow the same policy
and give the same level of protection as direct attribute access in an
environment based on ``RestrictedPython``'s ``safe_builtints``.
- Prevent information leakage via ``AttributeError.obj``
and the ``string`` module. (CVE-2024-47532)

----------------

- Remove unneeded setuptools fossils that may cause installation problems
with recent setuptools versions.
- Add support for single mode statements / execution.
- Fix a potential breakout capability in the provided ``safer_getattr`` method
that is part of the ``safer_builtins``.

----------------

- Add support for the matmul (`) operator.