Cbor2

Latest version: v5.6.5

Safety actively analyzes 687918 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 1 of 6

5.6.5

- Published binary wheels for Python 3.13

5.6.4

- Fixed compilation of C extension failing on GCC 14
- Fixed compiler warnings when building C extension

5.6.3

- Fixed decoding of epoch-based dates being affected by the local time zone in the C extension

5.6.2

- Fixed ``__hash__()`` of the C version of the ``CBORTag`` type crashing when there's a recursive
reference cycle
- Fixed type annotation for the file object in ``cbor2.dump()``, ``cbor2.load()``, ``CBOREncoder``
and ``CBORDecoder`` to be ``IO[bytes]`` instead of ``BytesIO``
- Worked around a `CPython bug <https://github.com/python/cpython/issues/99612>`_ that caused
a ``SystemError`` to be raised, or even a buffer overflow to occur when decoding a long text
string that contained only ASCII characters
- Changed the return type annotations of ``cbor2.load()`` and ``cbor2.load()`` to return ``Any``
instead of ``object`` so as not to force users to make type casts

5.6.1

Not secure
- Fixed use-after-free in the decoder's C version when prematurely encountering the end of stream
- Fixed the C version of the decoder improperly raising ``CBORDecodeEOF`` when decoding a text
string longer than 65536 bytes

5.6.0

Not secure
- Added the ``cbor2`` command line tool (for ``pipx run cbor2``)
- Added support for native date encoding (bschoenmaeckers)
- Made the C extension mandatory when the environment variable ``CBOR2_BUILD_C_EXTENSION`` is set
to ``1``.
- Fixed ``SystemError`` in the C extension when decoding a ``Fractional`` with a bad
number of arguments or a non-tuple value
- Fixed ``SystemError`` in the C extension when the decoder object hook raises an
exception
- Fixed a segmentation fault when decoding invalid unicode data
- Fixed infinite recursion when trying to hash a CBOR tag whose value points to the tag
itself
- Fixed ``MemoryError`` when maliciously constructed bytestrings or string (declared to be absurdly
large) are being decoded
- Fixed ``UnicodeDecodeError`` from failed parsing of a UTF-8 text string not being wrapped as
``CBORDecodeValueError``
- Fixed ``TypeError`` or ``ZeroDivisionError`` from a failed decoding of ``Fraction`` not being
wrapped as ``CBORDecodeValueError``
- Fixed ``TypeError`` or ``ValueError`` from a failed decoding of ``UUID`` not being wrapped as
``CBORDecodeValueError``
- Fixed ``TypeError`` from a failed decoding of ``MIMEMessage`` not being wrapped as
``CBORDecodeValueError``
- Fixed ``OverflowError``, ``OSError`` or ``ValueError`` from a failed decoding of epoch-based
``datetime`` not being wrapped as ``CBORDecodeValueError``

Page 1 of 6

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.