author: Ingy döt Net <ingy@ingy.net> 2021-01-19 14:07:59 -0500
committer: Ingy döt Net <ingy@ingy.net> 2021-01-19 14:07:59 -0500
commit: 58d0cb7ee09954c67fabfbd714c5673b03e7a9e1
tree: 044bb43f73d22205ef1b18d74831311f62cbf190
parent: a60f7a19c0b418fe95fcf2ec0957005ae39e1090

5.4 release

refs: 5.4, release/5.4

-rw-r--r-- CHANGES 14
-rw-r--r-- LICENSE 2
-rw-r--r-- announcement.msg 38
-rw-r--r-- lib/yaml/__init__.py 2
-rw-r--r-- lib3/yaml/__init__.py 2
-rw-r--r-- setup.py 2
6 files changed, 39 insertions, 21 deletions
diff --git a/CHANGES b/CHANGES
index f3facb1..876bd33 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,14 @@ For a complete changelog, see:
* https://github.com/yaml/pyyaml/commits/
* https://bitbucket.org/xi/pyyaml/commits/
+5.4 (2021-01-19)
+
+* https://github.com/yaml/pyyaml/pull/407 -- Build modernization, remove distutils, fix metadata, build wheels, CI to GHA
+* https://github.com/yaml/pyyaml/pull/472 -- Fix for CVE-2020-14343, moves arbitrary python tags to UnsafeLoader
+* https://github.com/yaml/pyyaml/pull/441 -- Fix memory leak in implicit resolver setup
+* https://github.com/yaml/pyyaml/pull/392 -- Fix py2 copy support for timezone objects
+* https://github.com/yaml/pyyaml/pull/378 -- Fix compatibility with Jython
+
5.3.1 (2020-03-18)
* https://github.com/yaml/pyyaml/pull/386 -- Prevents arbitrary code execution during python/object/new constructor
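Review bot: The pull/472 entry in the new 5.4 block says the fix "moves arbitrary python tags to UnsafeLoader" but names neither the loader the tags were taken out of nor the tags themselves, so a reader of CHANGES alone cannot tell that FullLoader behaviour changed. The announcement.msg text in this same commit is specific (python/module, python/object and python/object/new removed from FullLoader); suggest carrying that wording into this entry, e.g. "Fix for CVE-2020-14343, removes python/module, python/object and python/object/new tags from FullLoader (UnsafeLoader only)".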
@@ -11,7 +19,7 @@ For a complete changelog, see:
5.3 (2020-01-06)
* https://github.com/yaml/pyyaml/pull/290 -- Use `is` instead of equality for comparing with `None`
-* https://github.com/yaml/pyyaml/pull/270 -- fix typos and stylistic nit
+* https://github.com/yaml/pyyaml/pull/270 -- Fix typos and stylistic nit
* https://github.com/yaml/pyyaml/pull/309 -- Fix up small typo
* https://github.com/yaml/pyyaml/pull/161 -- Fix handling of __slots__
* https://github.com/yaml/pyyaml/pull/358 -- Allow calling add_multi_constructor with None
@@ -21,8 +29,8 @@ For a complete changelog, see:
* https://github.com/yaml/pyyaml/pull/359 -- Use full_load in yaml-highlight example
* https://github.com/yaml/pyyaml/pull/244 -- Document that PyYAML is implemented with Cython
* https://github.com/yaml/pyyaml/pull/329 -- Fix for Python 3.10
-* https://github.com/yaml/pyyaml/pull/310 -- increase size of index, line, and column fields
-* https://github.com/yaml/pyyaml/pull/260 -- remove some unused imports
+* https://github.com/yaml/pyyaml/pull/310 -- Increase size of index, line, and column fields
+* https://github.com/yaml/pyyaml/pull/260 -- Remove some unused imports
* https://github.com/yaml/pyyaml/pull/163 -- Create timezone-aware datetimes when parsed as such
* https://github.com/yaml/pyyaml/pull/363 -- Add tests for timezone
diff --git a/LICENSE b/LICENSE
index 3d82c28..2f1b8e1 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2017-2020 Ingy döt Net
+Copyright (c) 2017-2021 Ingy döt Net
Copyright (c) 2006-2016 Kirill Simonov
Permission is hereby granted, free of charge, to any person obtaining a copy of
diff --git a/announcement.msg b/announcement.msg
index 1e32b3c..118d5e3 100644
--- a/announcement.msg
+++ b/announcement.msg
@@ -1,25 +1,34 @@
-From: Tina Müller <post@tinita.de>
+From: Ingy döt Net <ingy@ingy.net>
To: python-list@python.org, python-announce@python.org, yaml-core@lists.sourceforge.net
-Subject: [ANN] PyYAML-5.3.1: YAML parser and emitter for Python
+Subject: [ANN] PyYAML-5.4 Released
-=======================
-Announcing PyYAML-5.3.1
-=======================
+=====================
+Announcing PyYAML-5.4
+=====================
A new release of PyYAML is now available:
-https://pypi.org/project/PyYAML/
+https://github.com/yaml/pyyaml/releases/tag/5.4
-This release contains a security fix for CVE-2020-1747. FullLoader was still
-exploitable for arbitrary command execution.
-https://bugzilla.redhat.com/show_bug.cgi?id=1807367
+This release contains a security fix for CVE-2020-14343. It removes the
+python/module, python/object, and python/object/new tags from the FullLoader.
+YAML that uses these tags must be loaded by UnsafeLoader, or a custom loader
+that has explicitly enabled them.
+
+This release also adds Python wheels for manylinux1 (x86_64) and MacOS (x86_64)
+with the libyaml extension included (built on libyaml 0.2.5).
+
+PyYAML 5.4 will be the last release to support Python 2.7 (except for possible
+critical bug fix releases).
-Thanks to Riccardo Schirone (https://github.com/ret2libc) for both reporting
-this and providing the fixes to resolve it.
Changes
=======
-* https://github.com/yaml/pyyaml/pull/386 -- Prevents arbitrary code execution during python/object/new constructor
+* https://github.com/yaml/pyyaml/pull/407 -- build modernization, remove distutils, fix metadata, build wheels, CI to GHA
+* https://github.com/yaml/pyyaml/pull/472 -- fix for CVE-2020-14343, moves arbitrary python tags to UnsafeLoader
+* https://github.com/yaml/pyyaml/pull/441 -- fix memory leak in implicit resolver setup
+* https://github.com/yaml/pyyaml/pull/392 -- fix py2 copy support for timezone objects
+* https://github.com/yaml/pyyaml/pull/378 -- fix compatibility with Jython
Resources
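Review bot: The new security paragraph sends users whose YAML relies on these tags to UnsafeLoader or a custom loader, but does not say that doing so re-enables exactly the tags the CVE-2020-14343 fix removes; suggest one more sentence stating that UnsafeLoader is only appropriate for trusted input. The removed text credited the reporter of CVE-2020-1747 and linked the advisory, and the new text has no equivalent credit or link for CVE-2020-14343, which is worth adding if one applies. Minor: the Changes entries here start lowercase ("fix for ...") while the same five entries in CHANGES are capitalised.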
@@ -55,6 +64,7 @@ files to object serialization and persistence.
Example
=======
+```
>>> import yaml
>>> yaml.full_load("""
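Review bot: The three-backtick line added directly under the Example heading is a Markdown fence, while the rest of announcement.msg is plain text with ===== underlined headings and is addressed to mailing lists in its To: header, so the backticks will appear literally in the mail. If the fence is meant for a Markdown rendering of the release notes, consider indenting the example instead, which reads correctly in both places; the same applies to the closing fence added in the next hunk.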
@@ -72,7 +82,7 @@ name: PyYAML
homepage: https://github.com/yaml/pyyaml
description: YAML parser and emitter for Python
keywords: [YAML, serialization, configuration, persistence, pickle]
-
+```
Maintainers
===========
@@ -89,7 +99,7 @@ See: https://github.com/yaml/pyyaml/pulls
Copyright
=========
-Copyright (c) 2017-2020 Ingy döt Net <ingy@ingy.net>
+Copyright (c) 2017-2021 Ingy döt Net <ingy@ingy.net>
Copyright (c) 2006-2016 Kirill Simonov <xi@resolvent.net>
The PyYAML module was written by Kirill Simonov <xi@resolvent.net>.
diff --git a/lib/yaml/__init__.py b/lib/yaml/__init__.py
index 6da15d8..1263d96 100644
--- a/lib/yaml/__init__.py
+++ b/lib/yaml/__init__.py
@@ -8,7 +8,7 @@ from nodes import *
from loader import *
from dumper import *
-__version__ = '5.4.0a0'
+__version__ = '5.4'
try:
from cyaml import *
diff --git a/lib3/yaml/__init__.py b/lib3/yaml/__init__.py
index 98b662c..ee3d4b3 100644
--- a/lib3/yaml/__init__.py
+++ b/lib3/yaml/__init__.py
@@ -8,7 +8,7 @@ from .nodes import *
from .loader import *
from .dumper import *
-__version__ = '5.4.0a0'
+__version__ = '5.4'
try:
from .cyaml import *
__with_libyaml__ = True
diff --git a/setup.py b/setup.py
index 296b599..ed2487d 100644
--- a/setup.py
+++ b/setup.py
@@ -1,6 +1,6 @@
NAME = 'PyYAML'
-VERSION = '5.4.0a0'
+VERSION = '5.4'
DESCRIPTION = "YAML parser and emitter for Python"
LONG_DESCRIPTION = """\
YAML is a data serialization format designed for human readability
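Review bot: VERSION = '5.4' here is the third hand-edited copy of the release number in this commit, alongside __version__ in lib/yaml/__init__.py and lib3/yaml/__init__.py, and nothing visible in the diff keeps the three in step. Suggest having setup.py read the version from the package's __init__.py, or adding a release check that compares them, so a later bump cannot ship mismatched metadata.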