Workflow

Zope.publisher

Latest version: v7.1

Safety actively analyzes 688418 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 7 of 11

3.9.3

==================

- Fix the check for untrusted redirects introduced in 3.9.0 so it works with
virtual hosting.

3.9.2

==================

- Make redirect validation works without HTTP_HOST variable.

- Add DoNotReRaiseException adapter that can be registered
for exceptions to flag that they should not be re-raised by
publisher when ``handle_errors`` parameter of the ``publish``
method is False.

3.9.1

==================

- Convert a location, passed to a redirect method of HTTPRequest to
string before checking for trusted host redirection, because a
location object may be some non-string convertable to string, like
URLGetter.

3.9.0

==================

- Move some parts of ``zope.app.publisher`` into this package
during ``zope.app.publisher`` refactoring:

* ``IModifiableUserPreferredLanguages`` adapter for requests
* ``browser:defaultView`` and ``browser:defaultSkin`` ZCML directives
* ``IHTTPView``, ``IXMLRPCView`` and like interfaces
* security ZCML declarations for some of ``zope.publisher`` classes

- Introduce ``IReRaiseException`` interface. If during publishing an
exception occurs and for this exception an adapter is available that
returns ``False`` on being called, the exception won't be reraised
by the publisher. This happens only if ``handle_errors`` parameter
of the ``publish()`` method is set to ``False``. Fixes problems when
acting in a WSGI pipeline with a debugger middleware enabled.

See https://bugs.launchpad.net/grok/+bug/332061 for details.

- Fix 98471: Restrict redirects to current host. This causes a ValueError to
be raised in the case of redirecting to a different host. If this is
intentional, the parameter `trusted` can be given.

- Move dependency on ``zope.testing`` from ``install_requires`` to
``tests_require``.

- Remove ``time.sleep`` in the ``supportsRetry`` http request.

- Add a fix for Internet Explorer versions which upload files with full
filesystem paths as filenames.

3.8.0

==================

- Move ``IHTTPException``, ``IMethodNotAllowed``, and ``MethodNotAllowed``
here from ``zope.app.http``, fixing dependency cycles involving
``zope.app.http``.

- Move the ``DefaultViewName`` API here from ``zope.app.publisher.browser``,
making it accessible to other packages that need it.

3.7.0

==================

- Move ``IView`` and ``IBrowserView`` interfaces into
``zope.browser.interfaces``, leaving BBB imports.

Page 7 of 11

Links

Releases

Has known vulnerabilities

Previous Next

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.