Restrictedpython

----------------

- Add support for the matmul (`) operator.

----------------

Backwards incompatible changes
++++++++++++++++++++++++++++++

- Drop support for Python 3.6.

Features
++++++++

- Officially support Python 3.12.

Fixes
+++++

- Prevent DeprecationWarnings from ``ast.Str`` and ``ast.Num`` on Python 3.12

- Forbid using some attributes providing access to restricted Python internals.
(CVE-2023-37271)

- Fix information disclosure problems through Python's "format" functionality
(``format`` and ``format_map`` methods on ``str`` and its instances,
``string.Formatter``). (CVE-2023-41039)

----------------

Backwards incompatible changes
++++++++++++++++++++++++++++++

- Drop support for Python 2.7 and 3.5.

Features
++++++++

- Officially support Python 3.11.

- Allow to use the Python 3.11 feature of exception groups and except\*
(PEP 654).

----------------

- Document that ``__name__`` is needed to define classes.

- Add support for Python 3.10. Auditing the Python 3.10 change log did not
reveal any changes which require actions in RestrictedPython.

- Avoid deprecation warnings when using Python 3.8+.
(`192 <https://github.com/zopefoundation/RestrictedPython/issues/192>`_)

----------------

Features
++++++++

- Add support for (Python 3.8+) assignment expressions (i.e. the ``:=`` operator)

- Add support for Python 3.9 after checking the security implications of the
syntax changes made in that version.

- Add support for the ``bytes`` and ``sorted`` builtins
(`186 <https://github.com/zopefoundation/RestrictedPython/issues/186>`_)

Documentation
+++++++++++++

- Document parameter ``mode`` for the ``compile_restricted`` functions
(`157 <https://github.com/zopefoundation/RestrictedPython/issues/157>`_)

- Fix documentation for ``compile_restricted_function``
(`158 <https://github.com/zopefoundation/RestrictedPython/issues/158>`_)

Fixes
+++++

- Fix ``compile_restricted_function`` with SyntaxErrors that have no text
(`181 <https://github.com/zopefoundation/RestrictedPython/issues/181>`_)

- Drop install dependency on ``setuptools``.
(`189 <https://github.com/zopefoundation/RestrictedPython/issues/189>`_)

----------------

Breaking changes
++++++++++++++++

- Revert the allowance of the ``...`` (Ellipsis) statement, as of 4.0. It is
not needed to support Python 3.8.
The security implications of the Ellipsis Statement is not 100 % clear and is
not checked. ``...`` (Ellipsis) is disallowed again.

Features
++++++++

- Add support for f-strings in Python 3.6+.
(`123 <https://github.com/zopefoundation/RestrictedPython/issues/123>`_)