Warning
This release fixes a vulnerability (CVE-2024-36039).
All users are recommended to update to this version.
If you can not update soon, check the input value from untrusted source has an expected type.
Only dict input from untrusted source can be an attack vector.
What's Changed
- Prohibit dict parameter for
Cursor.execute(). It didn't produce valid SQL
and might cause SQL injection. (CVE-2024-36039) - Added ssl_key_password param by @svaskov in #1145
Merged PRs
- Add support for Python 3.12 by @hugovk in #1134
- chore(deps): update actions/checkout action to v4 by @renovate in #1136
- Update codecov/codecov-action action to v4 by @renovate in #1137
- ci: use codecov@v3 by @methane in #1142
- chore(deps): update dessant/lock-threads action to v5 by @renovate in #1141
- doc: use rtd theme by @methane in #1143
- use Ruff as formatter by @methane in #1144
- chore(deps): update dependency sphinx-rtd-theme to v2 by @renovate in #1147
- chore(deps): update actions/setup-python action to v5 by @renovate in #1152
- chore(deps): update github/codeql-action action to v3 by @renovate in #1154
- chore(deps): update codecov/codecov-action action to v4 by @renovate in #1158
- Support error packet without sqlstate by @methane in #1160
- test json - mariadb without JSON type by @grooverdan in #1165
New Contributors
Full Changelog: v1.1.0...v1.1.1
Contributors
methane, grooverdan, and 3 other contributors
Assets 2
3
Join discussion