Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-Werkzeug for openSUSE:Factory checked in at 2023-10-29 19:39:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-Werkzeug (Old) and /work/SRC/openSUSE:Factory/.python-Werkzeug.new.17445 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "python-Werkzeug" Sun Oct 29 19:39:26 2023 rev:45 rq:1120656 version:3.0.1 Changes: -------- --- /work/SRC/openSUSE:Factory/python-Werkzeug/python-Werkzeug.changes 2023-09-26 22:08:07.054373345 +0200 +++ /work/SRC/openSUSE:Factory/.python-Werkzeug.new.17445/python-Werkzeug.changes 2023-10-29 19:39:28.486300192 +0100 @@ -1,0 +2,15 @@ +Fri Oct 27 03:06:50 UTC 2023 - Steve Kowalik <steven.kowalik@suse.com> + +- Update to 3.0.1: + * Fix slow multipart parsing for large parts potentially enabling DoS + attacks. (CVE-2023-46136, bsc#1216581) + * Remove previously deprecated code. + * Deprecate the ``__version__`` attribute. Use feature detection, or + ``importlib.metadata.version("werkzeug")``, instead. + * ``generate_password_hash`` uses scrypt by default. + * Add the ``"werkzeug.profiler"`` item to the WSGI ``environ`` dictionary + passed to `ProfilerMiddleware`'s `filename_format` function. It contains + the ``elapsed`` and ``time`` values for the profiled request. + * Explicitly marked the PathConverter as non path isolating. + +------------------------------------------------------------------- Old: ---- werkzeug-2.3.7.tar.gz New: ---- werkzeug-3.0.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-Werkzeug.spec ++++++ --- /var/tmp/diff_new_pack.rx6sGv/_old 2023-10-29 19:39:29.354331771 +0100 +++ /var/tmp/diff_new_pack.rx6sGv/_new 2023-10-29 19:39:29.354331771 +0100 @@ -27,7 +27,7 @@ %{?sle15_python_module_pythons} Name: python-Werkzeug%{psuffix} -Version: 2.3.7 +Version: 3.0.1 Release: 0 Summary: The Swiss Army knife of Python web development License: BSD-3-Clause ++++++ werkzeug-2.3.7.tar.gz -> werkzeug-3.0.1.tar.gz ++++++ ++++ 4766 lines of diff (skipped)