Safety vulnerability ID: 70558
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Nikola version 8.3.1 addresses a directory traversal vulnerability in its nikola auto command, which stemmed from an issue in the aiohttp library detailed in CVE-2024-23334.
Latest version: 8.3.1
A modular, fast, simple, static website and blog generator
=============
Features
--------
* Support passing ``--poll`` to ``nikola auto`` to better deal with symlink farms.
Bugfixes
--------
* Remove insecure HTTP fallback from ``nikola plugin``
* Fix the ``nikola plugin`` command not working (Issue 3736, 3737)
* Fix ``nikola new_post --available-formats`` crashing with TypeError (Issue 3750)
* Fix the new plugin manager not loading plugins if the plugin folder is a symlink (Issue 3741)
* Fix the ``nikola plugin`` command not working (Issue 3736)
* Remove no longer used leftovers of annotations support (Issue 3764)
Other
-----
* Nikola now requires Python 3.8 or newer.
* Nikola has adopted a policy for Python version support, promising support for versions supported by the Python core team, Ubuntu LTS, or Debian stable, and taking into consideration Debian oldstable and PyPy.
* Remove polyfill from `polyfill.io`.