RestrictedPython

Latest version: v7.4

Page 1 of 4

7.5
----------------

7.4
----------------

- Allow using the package with Python 3.13.

- Drop support for Python 3.7.

- Provide new function ``RestrictedPython.Guards.safer_getattr_raise``.
  It is similar to ``safer_getattr`` but handles its parameter
  ``default`` like ``getattr``, i.e. it raises ``AttributeError``
  if the attribute lookup fails and this parameter is not provided.
  Fixes `287 <https://github.com/zopefoundation/RestrictedPython/issues/287>`_.

7.3
----------------

- Increase the safety level of ``safer_getattr``, allowing applications to use
  it as their ``getattr`` implementation. Such use should now follow the same
  policy and give the same level of protection as direct attribute access in an
  environment based on ``RestrictedPython``'s ``safe_builtins``.
- Prevent information leakage via ``AttributeError.obj``
  and the ``string`` module. (CVE-2024-47532)

7.2
----------------

- Remove unneeded setuptools fossils that may cause installation problems
  with recent setuptools versions.
- Add support for single mode statements / execution.
- Fix a potential breakout capability in the provided ``safer_getattr`` method
  that is part of the ``safer_builtins``.

7.1
----------------

- Add support for the matmul (``@``) operator.

7.0
----------------

Backwards incompatible changes
++++++++++++++++++++++++++++++

- Drop support for Python 3.6.

Features
++++++++

- Officially support Python 3.12.

Fixes
+++++

- Prevent DeprecationWarnings from ``ast.Str`` and ``ast.Num`` on Python 3.12.

- Forbid using some attributes providing access to restricted Python internals.
  (CVE-2023-37271)

- Fix information disclosure problems through Python's "format" functionality
  (``format`` and ``format_map`` methods on ``str`` and its instances,
  ``string.Formatter``). (CVE-2023-41039)

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.