Sourced from pymysql's\r\nreleases.
\r\n\r\n\r\nv1.1.1
\r\n\r\n\r\n[!WARNING]\r\nThis release fixes a vulnerability (CVE-2024-36039).\r\nAll users are recommended to update to this version.
\r\nIf you can not update soon, check the input value from untrusted\r\nsource has an expected type.\r\nOnly dict input from untrusted source can be an attack vector.
\r\nWhat's Changed
\r\n\r\n
\r\n- Prohibit dict parameter for
\r\nCursor.execute()
. It didn't\r\nproduce valid SQL\r\nand might cause SQL injection. (CVE-2024-36039)- Added ssl_key_password param by
\r\n@svaskov
in PyMySQL/PyMySQL#1145Merged PRs
\r\n\r\n
\r\n- Add support for Python 3.12 by
\r\n@hugovk
in PyMySQL/PyMySQL#1134- chore(deps): update actions/checkout action to v4 by
\r\n@renovate
in PyMySQL/PyMySQL#1136- Update codecov/codecov-action action to v4 by
\r\n@renovate
in PyMySQL/PyMySQL#1137- ci: use codecov@v3 by
\r\n@methane
in PyMySQL/PyMySQL#1142- chore(deps): update dessant/lock-threads action to v5 by
\r\n@renovate
in PyMySQL/PyMySQL#1141- doc: use rtd theme by
\r\n@methane
in PyMySQL/PyMySQL#1143- use Ruff as formatter by
\r\n@methane
in PyMySQL/PyMySQL#1144- chore(deps): update dependency sphinx-rtd-theme to v2 by
\r\n@renovate
in PyMySQL/PyMySQL#1147- chore(deps): update actions/setup-python action to v5 by
\r\n@renovate
in PyMySQL/PyMySQL#1152- chore(deps): update github/codeql-action action to v3 by
\r\n@renovate
in PyMySQL/PyMySQL#1154- chore(deps): update codecov/codecov-action action to v4 by
\r\n@renovate
in PyMySQL/PyMySQL#1158- Support error packet without sqlstate by
\r\n@methane
in PyMySQL/PyMySQL#1160- test json - mariadb without JSON type by
\r\n@grooverdan
in PyMySQL/PyMySQL#1165New Contributors
\r\n\r\n
\r\n- \r\n
@hugovk
made\r\ntheir first contribution in PyMySQL/PyMySQL#1134- \r\n
@svaskov
made\r\ntheir first contribution in PyMySQL/PyMySQL#1145Full Changelog: https://github.com/PyMySQL/PyMySQL/compare/v1.1.0...v1.1.1
\r\n
Sourced from pymysql's\r\nchangelog.
\r\n\r\n\r\nv1.1.1
\r\nRelease date: 2024-05-21
\r\n\r\n\r\n[!WARNING]\r\nThis release fixes a vulnerability (CVE-2024-36039).\r\nAll users are recommended to update to this version.
\r\nIf you can not update soon, check the input value from\r\nuntrusted source has an expected type. Only dict input\r\nfrom untrusted source can be an attack vector.
\r\n\r\n
\r\n- Prohibit dict parameter for
\r\nCursor.execute()
. It didn't\r\nproduce valid SQL\r\nand might cause SQL injection. (CVE-2024-36039)- Added ssl_key_password param. #1145
\r\n
2cab9ec
\r\nv1.1.1521e400
\r\nforbid dict parameter7f032a6
\r\nremove coveralls from requirements69f6c74
\r\nruff formatb4ed688
\r\ntest json - mariadb without JSON type (#1165)bbd049f
\r\nSupport error packet without sqlstate (#1160)9694747
\r\npyupgrade1f0b785
\r\nchore(deps): update codecov/codecov-action action to v4 (#1158)1e28be8
\r\nchore(deps): update github/codeql-action action to v3 (#1154)f13f054
\r\nchore(deps): update actions/setup-python action to v5 (#1152)