Diffstat (limited to 'CHANGES.txt')
-rw-r--r-- | CHANGES.txt | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index 2ceab57..c3e176c 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,5 +1,16 @@ -Version 3.19.0 released 2023-04-XX - +Version 3.19.0 released 2023-04-06 + +* This release contains security hardening measures based on recommendations + by a security audit sponsored by OSTIF and conducted by X41 D-Sec GmbH. + Several of these measures include changing defaults to be more strict, + by default simplejson will now only consume and produce compliant JSON, + but the flags still exist for any backwards compatibility needs. + No high priority issues were discovered, the reference count + leak is thought to be unreachable since the digits of the float are + checked before PyOS_string_to_double is called. + A link to the public version of this report will be included in a + future release of simplejson. The following fixes were implemented in + one PR: https://github.com/simplejson/simplejson/pull/313 * Fix invalid handling of unicode escape sequences in the pure Python implementation of the decoder (SJ-PT-23-01) * Fix missing reference count decrease if PyOS_string_to_double raises |
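Review bot: The new 3.19.0 paragraph says defaults were changed "to be more strict" and that "the flags still exist", but it does not name which defaults changed or which flags restore the old behaviour. This is a behaviour change for callers that relied on consuming or producing non-compliant JSON, so the entry should list the affected parameters and their old and new defaults so that upgraders can find them without reading the PR. The paragraph also refers to "the reference count leak" before the bullet that introduces it; either move that sentence under the PyOS_string_to_double bullet or cite it by its audit identifier, as the first bullet does with SJ-PT-23-01. Two sentences are comma splices ("more strict, by default simplejson will now..." and "No high priority issues were discovered, the reference count leak..."); splitting them would make the security statement easier to read.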