Safety vulnerability ID: 66809
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Tribler version 7.11.0rc1 has updated its Pygments dependency from version 2.5.2 to 2.7.4 to address the Regular Expression Denial of Service (ReDoS) vulnerability identified by CVE-2021-27291.
https://github.com/Tribler/tribler/pull/6204/commits/c17ce53a03493a1e469f2860fc8a09154f5cc89d
Latest version: 7.13.1
Privacy enhanced BitTorrent client with P2P content discovery
This release introduces the tag system in Tribler where you can add tags on torrents. This helps to improve the discoverability and search of torrents in Tribler. Besides the tag system, there are several bug fixes and improvements included in this release.
<details>
<summary> Changelog </summary>
* Refactoring: network utils by drew2a in https://github.com/Tribler/tribler/pull/6150
* Refactor random ports assignation in tribler config by drew2a in https://github.com/Tribler/tribler/pull/6152
* Remove generated test data from gitignore by drew2a in https://github.com/Tribler/tribler/pull/6159
* Remove references of json_util by xoriole in https://github.com/Tribler/tribler/pull/6161
* Adopt AppStream by overflw in https://github.com/Tribler/tribler/pull/6056
* Refactoring: tribler_config.py by drew2a in https://github.com/Tribler/tribler/pull/6160
* Refactoring: path_utils.py by drew2a in https://github.com/Tribler/tribler/pull/6163
* Updated IPv8 pointer by qstokkink in https://github.com/Tribler/tribler/pull/6165
* [macOS] Fix display name capitalization by da2x in https://github.com/Tribler/tribler/pull/6162
* Disable EVA timeout in test_dynamically_changed_window_size by drew2a in https://github.com/Tribler/tribler/pull/6170
* Add pydantic by drew2a in https://github.com/Tribler/tribler/pull/6168
* Disable EVA terminate by timeout in test_multiply_duplex by drew2a in https://github.com/Tribler/tribler/pull/6173
* Refactor structure of tribler communities by drew2a in https://github.com/Tribler/tribler/pull/6175
* Delete test artifacts by drew2a in https://github.com/Tribler/tribler/pull/6178
* Add shutdown call to each mds instance created inside RQC tests by drew2a in https://github.com/Tribler/tribler/pull/6179
* Removed unused print statement by devos50 in https://github.com/Tribler/tribler/pull/6193
* Extract loaders from ipv8_module_catalog.py by drew2a in https://github.com/Tribler/tribler/pull/6182
* Showing individual overlay peers in the debug panel by devos50 in https://github.com/Tribler/tribler/pull/6191
* Remove obsolete database_blob type by ichorid in https://github.com/Tribler/tribler/pull/6196
* Add missing documentation dependencies by xoriole in https://github.com/Tribler/tribler/pull/6102
* Remove DateAxisItem custom implementation by xoriole in https://github.com/Tribler/tribler/pull/6198
* Disable EVA timeout in test_duplex by drew2a in https://github.com/Tribler/tribler/pull/6207
* Update token balance graph data axis by xoriole in https://github.com/Tribler/tribler/pull/6215
* Add pydantic dependency check by xoriole in https://github.com/Tribler/tribler/pull/6225
* Fix removing all peers for channel instead of the failing one by ichorid in https://github.com/Tribler/tribler/pull/6231
* Silently pass when user tries to add duplicate torrents to channel by ichorid in https://github.com/Tribler/tribler/pull/6236
* [Snyk] Fix for 4 vulnerabilities by snyk-bot in https://github.com/Tribler/tribler/pull/6204
* Bash script to build documentation by xoriole in https://github.com/Tribler/tribler/pull/6240
* Basic component tests added by kozlovsky in https://github.com/Tribler/tribler/pull/6242
* Remove Session god-mediator-object by ichorid in https://github.com/Tribler/tribler/pull/6206
* Fixes 6245: Wrong target peers for DiscoveryCommunity by kozlovsky in https://github.com/Tribler/tribler/pull/6246
* Fixes 6250, fixes 6251: each community should use a separate bootstrapper by kozlovsky in https://github.com/Tribler/tribler/pull/6252
* Fixes 6257: restore lint checks for tests by kozlovsky in https://github.com/Tribler/tribler/pull/6258
* Fixes 6262, fixes 6268: correct delayed initialization of endpoints by kozlovsky in https://github.com/Tribler/tribler/pull/6277
* Refactoring/session logic outside of session by kozlovsky in https://github.com/Tribler/tribler/pull/6275
* Fixes 6255: make `faifast` an option of the Session.start() method by kozlovsky in https://github.com/Tribler/tribler/pull/6276
* Fixes 6265: start Tribler with ipv8 disabled by kozlovsky in https://github.com/Tribler/tribler/pull/6278
* Fixes 6266: uncaught error when starting with tunnel_community disabled by kozlovsky in https://github.com/Tribler/tribler/pull/6279
* Fixes 6267: crash when clicking in channel with torrent_checking disabled by kozlovsky in https://github.com/Tribler/tribler/pull/6280
* Fixes 6269, fixes 6270: DiscoveryCommunity and DHTDiscoveryCommunity disregards config setting by kozlovsky in https://github.com/Tribler/tribler/pull/6281
* Remove IPv8 hidden imports in tribler.spec by xoriole in https://github.com/Tribler/tribler/pull/6256
* Don’t filter any groups of people out of existence by da2x in https://github.com/Tribler/tribler/pull/6259
* Don’t create a Tribler subfolder in the Start by da2x in https://github.com/Tribler/tribler/pull/6239
* Allow optional dependencies between components by kozlovsky in https://github.com/Tribler/tribler/pull/6291
* Fix run tunnel helper by kozlovsky in https://github.com/Tribler/tribler/pull/6292
* Fix tunnel helper arguments by kozlovsky in https://github.com/Tribler/tribler/pull/6293
* Update Debian build script and changelog by xoriole in https://github.com/Tribler/tribler/pull/6302
* Remove DEBIAN directory from the build by xoriole in https://github.com/Tribler/tribler/pull/6310
* Fix 6284 by drew2a in https://github.com/Tribler/tribler/pull/6315
* Fix 6283 by drew2a in https://github.com/Tribler/tribler/pull/6316
* Fix 6285 by drew2a in https://github.com/Tribler/tribler/pull/6317
* Merge fixes from 7.10 into main by ichorid in https://github.com/Tribler/tribler/pull/6319
* Fix 6296 by drew2a in https://github.com/Tribler/tribler/pull/6314
* Update development_methodology.rst by drew2a in https://github.com/Tribler/tribler/pull/6312
* Update readme.rst by drew2a in https://github.com/Tribler/tribler/pull/6313
* Fix 6295 by ichorid in https://github.com/Tribler/tribler/pull/6320
* Set exit node cache path on Tunnel community by xoriole in https://github.com/Tribler/tribler/pull/6318
* Fix 6264 by ichorid in https://github.com/Tribler/tribler/pull/6322
* Fix 6290 by ichorid in https://github.com/Tribler/tribler/pull/6324
* Fix 6271 by ichorid in https://github.com/Tribler/tribler/pull/6323
* Fix 6289 by ichorid in https://github.com/Tribler/tribler/pull/6326
* Fix documentation build issue by xoriole in https://github.com/Tribler/tribler/pull/6329
* Fix 6172 by ichorid in https://github.com/Tribler/tribler/pull/6325
* Increase EVA tests timeouts by drew2a in https://github.com/Tribler/tribler/pull/6332
* Fix 6237 by ichorid in https://github.com/Tribler/tribler/pull/6321
* Fix 6333 by drew2a in https://github.com/Tribler/tribler/pull/6334
* Change gaierror import by drew2a in https://github.com/Tribler/tribler/pull/6330
* Fix community component shutdown leaving stuff behind by ichorid in https://github.com/Tribler/tribler/pull/6338
* Fix notifier not working from a thread by ichorid in https://github.com/Tribler/tribler/pull/6337
* Fix 6307 by ichorid in https://github.com/Tribler/tribler/pull/6336
* Various GUI test mode improvements by devos50 in https://github.com/Tribler/tribler/pull/6343
* Switch to modern IPv8 Community addition by drew2a in https://github.com/Tribler/tribler/pull/6346
* Add CODEOWNERS by drew2a in https://github.com/Tribler/tribler/pull/6347
* Fix adding FFA entries on torrentinfo calls by ichorid in https://github.com/Tribler/tribler/pull/6349
* Removed unused TickWidgetItem by devos50 in https://github.com/Tribler/tribler/pull/6353
* Fixed on_report_sent callback in GUI tests by devos50 in https://github.com/Tribler/tribler/pull/6364
* Fixed width and vertical text alignment in table headers by devos50 in https://github.com/Tribler/tribler/pull/6367
* Demote some logging messages to debug level by ichorid in https://github.com/Tribler/tribler/pull/6363
* Increase maximum request size for AIOHTTP to 2MB by ichorid in https://github.com/Tribler/tribler/pull/6361
* Fix crash on trying to go back on empty Channels stack in the GUI by ichorid in https://github.com/Tribler/tribler/pull/6357
* Fix crash on race condition on show results button in GUI by ichorid in https://github.com/Tribler/tribler/pull/6355
* Fix 6263 by ichorid in https://github.com/Tribler/tribler/pull/6354
* Fix random fails in chunk splitting test by ichorid in https://github.com/Tribler/tribler/pull/6350
* Fix corner-case bump amount problem in VSIDS by ichorid in https://github.com/Tribler/tribler/pull/6351
* Merge bandwidth_accounting module and component by drew2a in https://github.com/Tribler/tribler/pull/6371
* Update experiments regarding to the latest changes in tribler-core by drew2a in https://github.com/Tribler/tribler/pull/6374
* Various small fixes by ichorid in https://github.com/Tribler/tribler/pull/6372
* Merge mds module and component by drew2a in https://github.com/Tribler/tribler/pull/6378
* Fix 6299 by drew2a in https://github.com/Tribler/tribler/pull/6380
* Implement row deselection on mouse leave by devos50 in https://github.com/Tribler/tribler/pull/6376
* Significantly reduced the number of redraws in GUI tables by devos50 in https://github.com/Tribler/tribler/pull/6384
* Fixed test_popular_page by devos50 in https://github.com/Tribler/tribler/pull/6387
* Fixes 6360: Optional dependency on REST manager in components by kozlovsky in https://github.com/Tribler/tribler/pull/6381
* Add pytest.mark.asyncio to test functions by drew2a in https://github.com/Tribler/tribler/pull/6383
* Components cleanup by kozlovsky in https://github.com/Tribler/tribler/pull/6391
* Fixed scrolling in GUI tables by devos50 in https://github.com/Tribler/tribler/pull/6392
* Merge masterkey module and component by drew2a in https://github.com/Tribler/tribler/pull/6385
* Remove table redraw on mouse movement by devos50 in https://github.com/Tribler/tribler/pull/6393
* Remove unused variables from utilities.py by devos50 in https://github.com/Tribler/tribler/pull/6394
* Add PR policies by drew2a in https://github.com/Tribler/tribler/pull/6390
* Rename BandwidthAccountingCommunity file by drew2a in https://github.com/Tribler/tribler/pull/6400
* Remove test-gatekeeper.sh by xoriole in https://github.com/Tribler/tribler/pull/6404
* Fix disseminator.py by drew2a in https://github.com/Tribler/tribler/pull/6398
* Fix 6397 by drew2a in https://github.com/Tribler/tribler/pull/6399
* Fix 6238 by drew2a in https://github.com/Tribler/tribler/pull/6401
* Component fixes by kozlovsky in https://github.com/Tribler/tribler/pull/6405
* Remove empty comment by Solomon1732 in https://github.com/Tribler/tribler/pull/6403
* Introduce "default init" and "unload" methods for Ipv8Component by drew2a in https://github.com/Tribler/tribler/pull/6402
* Move Network overwrite from community to component by drew2a in https://github.com/Tribler/tribler/pull/6408
* Added search box focus, increased width of 'health' column in GUI by devos50 in https://github.com/Tribler/tribler/pull/6411
* Merge ipv8 module and component by drew2a in https://github.com/Tribler/tribler/pull/6410
* Fixes 6407: `RESTManager.get_endpoint(endpoint_name)` should return … by kozlovsky in https://github.com/Tribler/tribler/pull/6418
* Minor GUI updates by devos50 in https://github.com/Tribler/tribler/pull/6417
* Removed channels from metadata endpoint docstring by devos50 in https://github.com/Tribler/tribler/pull/6422
* Fixes 6358: correct component's shutdown by kozlovsky in https://github.com/Tribler/tribler/pull/6419
* Merge libtorrent module and component by drew2a in https://github.com/Tribler/tribler/pull/6421
* Update development_on_linux.rst by Dmole in https://github.com/Tribler/tribler/pull/6424
* Merge Payout module and component by drew2a in https://github.com/Tribler/tribler/pull/6426
* Fixed GUI dialog position on show by devos50 in https://github.com/Tribler/tribler/pull/6425
* Fixed status code check in REST API tests by devos50 in https://github.com/Tribler/tribler/pull/6432
* Add anyio-based happy eyeballs select to GigaChannel by ichorid in https://github.com/Tribler/tribler/pull/6415
* Fixed page title color inconsistency by devos50 in https://github.com/Tribler/tribler/pull/6437
* Fixed escape signal in the GUI by devos50 in https://github.com/Tribler/tribler/pull/6438
* Merge Popularity module and component by drew2a in https://github.com/Tribler/tribler/pull/6436
* Merge Resource Monitor module and component by drew2a in https://github.com/Tribler/tribler/pull/6442
* Removed popular torrents explanation box by devos50 in https://github.com/Tribler/tribler/pull/6435
* Fixed Marshmallow REST schemas by devos50 in https://github.com/Tribler/tribler/pull/6445
* Merge Reporter module and component by drew2a in https://github.com/Tribler/tribler/pull/6446
* Remove unnecessary lines from components' tests. by drew2a in https://github.com/Tribler/tribler/pull/6447
* Modified shutdown procedure in GUI tests by devos50 in https://github.com/Tribler/tribler/pull/6448
* Merge Socks Server module and component by drew2a in https://github.com/Tribler/tribler/pull/6451
* Adding tag community, database and REST API endpoints by drew2a in https://github.com/Tribler/tribler/pull/6396
* READY: Add tree-based view for torrent files in download dialog by ichorid in https://github.com/Tribler/tribler/pull/6449
* Implemented customized checkbox style across the GUI by devos50 in https://github.com/Tribler/tribler/pull/6458
* GUI elements for the tagging system by devos50 in https://github.com/Tribler/tribler/pull/6453
* Move RQC to Metadata Store by drew2a in https://github.com/Tribler/tribler/pull/6461
* Fix losing selected files when switching to another download by ichorid in https://github.com/Tribler/tribler/pull/6463
* Expand toplevel dir by default in add torrent dialog and downloads by ichorid in https://github.com/Tribler/tribler/pull/6464
* Various improvements to the tags GUI by devos50 in https://github.com/Tribler/tribler/pull/6467
* Add Secondary Key to MasterKeyComponent by drew2a in https://github.com/Tribler/tribler/pull/6462
* Fixed row height calculation when tag height is changed by devos50 in https://github.com/Tribler/tribler/pull/6469
* Merge Torrent Checker module and component by drew2a in https://github.com/Tribler/tribler/pull/6472
* Implemented tag suggestions by devos50 in https://github.com/Tribler/tribler/pull/6470
* Tag System: Change threshold formula by drew2a in https://github.com/Tribler/tribler/pull/6473
* Tag System: Verify tag doesn't contain any spaces by drew2a in https://github.com/Tribler/tribler/pull/6476
* Tag System: Revert {pk, tag, infohash} clock by drew2a in https://github.com/Tribler/tribler/pull/6475
* Fix popular torrents by xoriole in https://github.com/Tribler/tribler/pull/6478
* Move restapi to the component by drew2a in https://github.com/Tribler/tribler/pull/6477
* Modified tag colors by devos50 in https://github.com/Tribler/tribler/pull/6479
* Changed keyword in add tags dialog by devos50 in https://github.com/Tribler/tribler/pull/6485
* Merge tunnel module and component by drew2a in https://github.com/Tribler/tribler/pull/6486
* Replace test torrent by devos50 in https://github.com/Tribler/tribler/pull/6487
* Remove bootstrap.py by drew2a in https://github.com/Tribler/tribler/pull/6488
* Merge Upgrade module and component by drew2a in https://github.com/Tribler/tribler/pull/6490
* Merge Version Checker module and component by drew2a in https://github.com/Tribler/tribler/pull/6492
* Merge Watch Folder module and component by drew2a in https://github.com/Tribler/tribler/pull/6493
* Merge the rest of modules by drew2a in https://github.com/Tribler/tribler/pull/6495
* Speed up tests for EVA protocol by drew2a in https://github.com/Tribler/tribler/pull/6491
* Add periodic checking of channel torrents health by xoriole in https://github.com/Tribler/tribler/pull/6406
* EVA: Add validation for on_acknowledgement and on_write_request by drew2a in https://github.com/Tribler/tribler/pull/6496
* Moved tag rect metadata to a separate dictionary in model by devos50 in https://github.com/Tribler/tribler/pull/6501
* Remove unused code by drew2a in https://github.com/Tribler/tribler/pull/6494
* Fix full text search autosuggestions & results by kozlovsky in https://github.com/Tribler/tribler/pull/6508
* Avoid modifying global category/filters in tests by devos50 in https://github.com/Tribler/tribler/pull/6503
* Fix and speedup hidden services test by egbertbouman in https://github.com/Tribler/tribler/pull/6512
* Fix components startup by kozlovsky in https://github.com/Tribler/tribler/pull/6507
* Improvements to Tribler window initialization by devos50 in https://github.com/Tribler/tribler/pull/6511
* Fixed emoji drawing in labels/combo box on Linux by devos50 in https://github.com/Tribler/tribler/pull/6497
* Fixes 6514: Move to_fts_query function from tribler_gui.utilities to tribler_common.utilities by kozlovsky in https://github.com/Tribler/tribler/pull/6515
* Make requirements.txt a single source of trust for dependencies by drew2a in https://github.com/Tribler/tribler/pull/6504
* Remove an unnecessary second connection to the `/events` endpoint from GUI by kozlovsky in https://github.com/Tribler/tribler/pull/6528
* Added social media links to README by devos50 in https://github.com/Tribler/tribler/pull/6529
* Refactor the error reporting chain by drew2a in https://github.com/Tribler/tribler/pull/6524
* Fixes 6263 - Tribler should open FeedbackDialog if error happened in Core during startup by kozlovsky in https://github.com/Tribler/tribler/pull/6530
* Changed click box of 'create tags' message by devos50 in https://github.com/Tribler/tribler/pull/6533
* Fix one click release build by kozlovsky in https://github.com/Tribler/tribler/pull/6545
* Make TEST_SENTRY_URL the single source of sentry test mode information by drew2a in https://github.com/Tribler/tribler/pull/6546
* Fixed crash when editing tag by devos50 in https://github.com/Tribler/tribler/pull/6550
* Fix bug with space inside filter field by drew2a in https://github.com/Tribler/tribler/pull/6555
* Add CoreRuntimeError to the error list that causes Tribler shutdown by drew2a in https://github.com/Tribler/tribler/pull/6556
* Update ru_RU translation by ichorid in https://github.com/Tribler/tribler/pull/6565
* Fixes 1-Click release for 7.11 by kozlovsky in https://github.com/Tribler/tribler/pull/6568
* Install pip dependencies during the build by xoriole in https://github.com/Tribler/tribler/pull/6534
* Add requirements.txt by drew2a in https://github.com/Tribler/tribler/pull/6572
* Add the check on the empty completions_list by drew2a in https://github.com/Tribler/tribler/pull/6584
* Revert changelog based on git commit by xoriole in https://github.com/Tribler/tribler/pull/6595
</details>
New Contributors
* overflw made their first contribution in https://github.com/Tribler/tribler/pull/6056
* snyk-bot made their first contribution in https://github.com/Tribler/tribler/pull/6204
**Full Changelog**: https://github.com/Tribler/tribler/compare/v7.10.0...v7.11.0-RC1