Pyro4

Latest version: v4.82

Safety actively analyzes 685838 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 3 of 5

4.70

Not secure
Pyro4 is now compatible with upcoming Python 3.7 syntax changes, see below

- bump to version 4.70 to emphasize the following change:
- **incompatible API change** for python 3.7 compatibility: renaming of ``async`` function and keyword arguments in the API:
Renamed ``Pyro4.core.async`` to ``Pyro4.core.asyncproxy`` (and its occurrence in ``Pyro4``) and the ``async`` keyword argument in some methods to ``asynchronous``.
This had to be done because ``async`` (and ``await``) are now parsed as keywords in Python 3.7 and using them otherwise will result in a SyntaxError when loading the module.
It is suggested you stop using the ``asyncproxy`` function and instead create asynchronous proxies using the ``_pyroAsync`` method on the regular proxy.
- For existing code running on Python *older than 3.7*, a backwards compatibility feature is present to still provide the ``async`` function and keyword arguments as they were supported on previous Pyro versions.
But also for that older environments, it's advised to migrate away from them and start using the new names.
- Proxy and Daemon have a new 'connected_socket' parameter. You can set it to a user-supplied connected socket that must be used by them instead of creating a new socket for you. Connected sockets can be created using the socket.socketpair() function for instance, and allow for easy and efficient communication over an internal socket between parent-child processes or threads, using Pyro. Also see the new 'socketpair' example.
- dropped support for Python 3.3 (which has reached end-of-life status). Supported Python versions are now 2.7, and 3.4 or newer. (the life cycle status of the Python versions can be seen here https://devguide.python.org/#status-of-python-branches)

4.63

Not secure
- fixed bug in autoproxy logic where it registered the wrong type if daemon.register() was called with
a class instead of an object (internal register_type_replacement method)
- added check in ``expose`` method to validate the order of decorators on a method (``expose`` should come last, after ``classmethod`` or ``staticmethod``).
- added resource tracking feature (see 'Automatically freeing resources when client connection gets closed' in the Tips & Tricks chapter)
- the warning about a class not exposing anything now actually tells you the correct class

4.62

Not secure
- **major new feature: SSL/TLS support added** - a handful of new config items ('SSL' prefixed), supports
server-only certificate and also 2-way-ssl (server+client certificates).
For testing purposes, self-signed server and client certificates are available in the 'certs' directory.
SSL/TLS in Pyro is supported on Python 2.7.11+ or Python 3.4.4+ (these versions have various important security related changes such as disabling vulnerable cyphers or protocols by default)
- added SSL example that shows how to configure 2-way-SSL in Pyro and how to do certificate verification on both sides.
- added cloudpickle serialization support (https://github.com/cloudpipe/cloudpickle/)
- added a small extended-pickle example that shows what dill and cloudpickle can do (send actual functions)
- daemon is now more resilient to exceptions occurring with socket communications (it logs them but is otherwise not interrupted) (this was required to avoid errors occurring in the SSL layer stopping the server)
- some small bugs fixed (crash when logging certain errors in thread server, invalid protected members showing up on pypy3)
- the ``raise data`` line in a traceback coming from Pyro now has a comment after it, telling you that you probably should inspect the remote traceback as well.
- *note*: if you're using Python 3 only and are interested in a modernized version of Pyro,
have a look at Pyro5: https://github.com/irmen/Pyro5 It's experimental work in progress, but it works pretty well.
- *note*: Pyro4 is reaching a state where I consider it "feature complete": I'm considering not adding more new features but only doing bug-fixes. New features (if any) will then appear only in Pyro5.

4.61

Not secure
- serpent 1.23 library now required.
- Pyro4.utils.flame.connect now has an optional hmac_key argument. You can now use this utility function to connect to a flame server running with a hmac_key. (Previously it didn’t let you specify the client hmac_key so you had to create a flame proxy manually, on which you then had to set the _pyroHmacKey property).
- main documentation is now http://pyro4.readthedocs.io instead of http://pythonhosted.org/Pyro4/

4.60

Not secure
- ``Pyro4.core.async()`` and ``proxy._pyroAsync()`` now return ``None``, instead of the proxy object.
This means you'll have to change your code that expects a proxy as return value, for instance by creating a
copy of the proxy yourself first.
This change was done to avoid subtle errors where older code still assumed it got a *copy* of the proxy,
but since 4.57 that is no longer done and it is handed back the same proxy.
By returning ``None`` now, at least the old code will now crash with a clear error, instead of silently continuing
with the possibility of failing in weird ways later.

4.59

Not secure
- Fixed pyro4-check-config script.

Page 3 of 5

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.