PyPi: Pyramid-Fullauth

CVE-2019-7164

Transitive

Safety vulnerability ID: 52562

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Feb 20, 2019 Updated at Nov 06, 2023

Advisory

Pyramid-fullauth 1.0.0 updates its dependency 'SQLAlchemy' to be at least version 1.3.0 to include security fixes.

Affected package

pyramid-fullauth

Latest version: 2.0.2

pyramid_fullauth provides full authentication / authorisation implementation for pyramid applications

Affected versions

Fixed versions

Vulnerability changelog


- [packaging] use setup.cfg to define package metadata and options
- [cleanup] blackify codebase
- [enhancement] move CI to github-actions
- [breaking] removed dependency on tzf.pyramid_yml and pymlconf. All configuration has to be handled within .ini file now.
- [enhancement] refactored route_predicates. Now user_path_hash can handle all user hashes.
- [enhancement] Changed default cookie session factory from `UnencryptedCookieSessionFactoryConfig` to `SignedCookieSessionFactory`.
- [enhancement] Use require_csrf instead of the use_csrf view decorator predicate.
This now raises a 400 HTTP error instead of 401 when a CSRF token is required but missing or invalid.
- [enhancement] Set default session serializer as JSONSerializer to comply with pyramid's 2.0 change
- [enhancement] Require minimum pyramid 1.10.
- [enhancement] properly lint code through pylint and fix found issues
- [security] Set minimum requirement for SQLAlchemy to be at least 1.3.0 to protect against CVE-2019-7164 (https://nvd.nist.gov/vuln/detail/CVE-2019-7164) and CVE-2019-7548 (https://nvd.nist.gov/vuln/detail/CVE-2019-7548)

Resources


Severity Details

CVSS Base Score

CRITICAL 9.8

CVSS v3 Details

CRITICAL 9.8
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): HIGH
Availability Impact (A): HIGH

CVSS v2 Details

HIGH 7.5
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (Au): NONE
Confidentiality Impact (C): PARTIAL
Integrity Impact (I): PARTIAL
Availability Impact (A): PARTIAL