Skip to content

Version 1.3.0

Latest
Latest
Compare
Choose a tag to compare
@hemberger hemberger released this 04 Jul 19:21
· 13 commits to main since this release
v1.3.0
16238f4
This commit was signed with the committer’s verified signature.
hemberger Dan Hemberger
GPG key ID: 38C20270997755C9
Learn about vigilant mode.

Breaking changes

  • To prevent malicious web servers from reading arbitrary files from the client, files must now be opened explicitly by the user in order to upload their contents in form submission. For example, instead of:

    browser["upload"] = "/path/to/file"

    you would now use:

    browser["upload"] = open("/path/to/file", "rb")

    This remediates CVE-2023-34457. Our thanks to @e-c-d for reporting and helping to fix the vulnerability!

Main changes

  • Added support for Python 3.11.

  • Allow submitting a form with no submit element. This can be achieved by passing submit=False to StatefulBrowser.submit_selected. Thanks @alexreg! [#480]

Contributors

alexreg and e-c-d
Assets 2