From 3eec44e52233c68ea8299a16b36ec7f2ad0c2fe3 Mon Sep 17 00:00:00 2001 From: Andi Albrecht Date: Fri, 10 Sep 2021 08:31:05 +0200 Subject: [PATCH] Update Changelog and bump version. --- CHANGELOG | 13 +++++++++++-- sqlparse/__init__.py | 2 +- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 41a4c2af..7be71b65 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,14 @@ -Development Version -------------------- +Release 0.4.2 (Sep 10, 2021) +---------------------------- + +Notable Changes + +* IMPORTANT: This release fixes a security vulnerability in the + strip comments filter. In this filter a regular expression that was + vulnerable to ReDOS (Regular Expression Denial of Service) was + used. + The vulnerability was discovered by @erik-krogh and @yoff from + GitHub Security Lab (GHSL). Thanks for reporting! Enhancements diff --git a/sqlparse/__init__.py b/sqlparse/__init__.py index bb9b88a5..9cab9d2c 100644 --- a/sqlparse/__init__.py +++ b/sqlparse/__init__.py @@ -16,7 +16,7 @@ from sqlparse import formatter -__version__ = '0.4.2.dev0' +__version__ = '0.4.2' __all__ = ['engine', 'filters', 'formatter', 'sql', 'tokens', 'cli']