bumped version

piccolo-orm · Nov 10, 2023 · bbd2e4a · bbd2e4a
1 parent 82679eb
commit bbd2e4a
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 1 deletion.
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -1,6 +1,33 @@
 Changes
 =======
 
+1.1.1
+-----
+
+Piccolo allows the user to specify savepoint names which are used in
+transactions. For example:
+
+.. code-block:: python
+
+    async with DB.transaction() as transaction:
+        await Band.insert(Band(name='Pythonistas'))
+
+        # Passing in a savepoint name is optional:
+        savepoint_1 = await transaction.savepoint('savepoint_1')
+
+        await Band.insert(Band(name='Terrible band'))
+
+        # Oops, I made a mistake!
+        await savepoint_1.rollback_to()
+
+Postgres doesn't allow us to parameterise savepoint names, which means there's
+a small chance of SQL injection, if for some reason the savepoint names were
+generated from end-user input. Even though the likelihood is very low, it's
+best to be safe. We now validate the savepoint name, to make sure it can only
+contain certain safe characters. Thanks to @Skelmis for making this change.
+
+-------------------------------------------------------------------------------
+
 1.1.0
 -----
 

diff --git a/piccolo/__init__.py b/piccolo/__init__.py
@@ -1 +1 @@
-__VERSION__ = "1.1.0"
+__VERSION__ = "1.1.1"