buruzaemon closed 5 years ago
In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used.
Although this only involves the YAML handling during testing, we should explicitly install a safe version of PyYAML during Travis test runs.
Please see https://nvd.nist.gov/vuln/detail/CVE-2017-18342
Since there are issues with Python 3.2 and pip, we will remove support for 3.2 in the tests run in Travis.
All tests are green for Python 2.7, 3.3, 3.4, 3.5 and 3.6.
Closing this issue.