Accesscontrol

Latest version: v7.2

Safety actively analyzes 679296 Python packages for vulnerabilities to keep your Python projects secure.

Page 1 of 8

7.3

----------------

7.2

----------------

- Prevent untrusted access to ``AccessControl.userfolder.UserFolder.data``
(fixes `GHSA-g5vw-3h65-2q3v <https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-g5vw-3h65-2q3v>`_).

7.1

Not secure

----------------

- Add final support for Python 3.13.

- Respect ``PURE_PYTHON`` environment variable set to ``0`` when running tests.

- Let the roles access in ``rolesForPermissionOn`` interpret ``AttributeError``
and ``Unauthorized`` as "no roles definition for this permission at this
object" and report any other exception (for the Python and C implementation).
We have to treat ``Unauthorized`` like ``AttributeError`` to support
``Shared.DC.Scripts.Bindings.UnauthorizedBinding`` which raises
``Unauthorized`` for any access.

7.0

Not secure

----------------

- Add preliminary support for Python 3.13 as of 3.13b1.

- Remove support for Python 3.7.

- Build Windows wheels on GHA.

- Make dict views (`.keys()`, `.items()` and `.values()`) behave like their
unrestricted versions.
(`147 <https://github.com/zopefoundation/AccessControl/pull/147>`_)

- Make `.items()` validate each keys and values, like `.keys()` and
`.values()` do.

- Fix build errors on recent macOS versions.

6.3

Not secure

----------------

- Add support for Python 3.12.

6.2

Not secure

----------------

- Fix information disclosure through ``str.format_map``.
(CVE-2023-41050)

Page 1 of 8

Releases

Has known vulnerabilities

Accesscontrol

Page 1 of 8

7.3

7.2

7.1

7.0

6.3

6.2

Page 1 of 8

Links

Releases