PyMySQL/PyMySQL (PyMySQL)
### [`v1.1.1`](https://togithub.com/PyMySQL/PyMySQL/blob/HEAD/CHANGELOG.md#v111)
[Compare Source](https://togithub.com/PyMySQL/PyMySQL/compare/v1.1.0...v1.1.1)
Release date: 2024-05-21
> \[!WARNING]
> This release fixes a vulnerability (CVE-2024-36039).
> All users are recommended to update to this version.
>
> If you can not update soon, check the input value from
> untrusted source has an expected type. Only dict input
> from untrusted source can be an attack vector.
- Prohibit dict parameter for `Cursor.execute()`. It didn't produce valid SQL
and might cause SQL injection. (CVE-2024-36039)
- Added ssl_key_password param. [#1145](https://togithub.com/PyMySQL/PyMySQL/issues/1145)
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
==1.1.0->==1.1.1Release Notes
PyMySQL/PyMySQL (PyMySQL)
### [`v1.1.1`](https://togithub.com/PyMySQL/PyMySQL/blob/HEAD/CHANGELOG.md#v111) [Compare Source](https://togithub.com/PyMySQL/PyMySQL/compare/v1.1.0...v1.1.1) Release date: 2024-05-21 > \[!WARNING] > This release fixes a vulnerability (CVE-2024-36039). > All users are recommended to update to this version. > > If you can not update soon, check the input value from > untrusted source has an expected type. Only dict input > from untrusted source can be an attack vector. - Prohibit dict parameter for `Cursor.execute()`. It didn't produce valid SQL and might cause SQL injection. (CVE-2024-36039) - Added ssl_key_password param. [#1145](https://togithub.com/PyMySQL/PyMySQL/issues/1145)Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.