jinja2 (3.1.2-1ubuntu1.3) noble-security; urgency=medium
* SECURITY UPDATE: Arbitrary code execution via |attr filter bypass
- debian/patches/CVE-2025-27516.patch: attr filter uses env.getattr
- CVE-2025-27516
-- John Breton <john.breton@canonical.com> Mon, 10 Mar 2025 12:56:35 -0400
jinja2 (3.1.2-1ubuntu1.2) noble-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution issue in jinja compiler
- debian/patches/CVE-2024-56201.patch: f-string syntax handling in code
generation improved in src/jinja2/compiler.py.
- debian/patches/CVE-2024-56326.patch: oversight on calls to str.format
adjusted in src/jinja2/sandbox.py.
- CVE-2024-56201
- CVE-2024-56326
-- Evan Caville <evan.caville@canonical.com> Mon, 06 Jan 2025 14:55:29 +1000
jinja2 (3.1.2-1ubuntu1.1) noble-security; urgency=medium
* SECURITY UPDATE: Cross-Site scripting in xmlattr filter
- debian/patches/CVE-2024-34064.patch: disallow invalid characters
in keys to xmlattr filter
- CVE-2024-34064
-- Nick Galanis <nick.galanis@canonical.com> Tue, 21 May 2024 15:32:08 +0100
jinja2 (3.1.2-1ubuntu1) noble; urgency=medium
* SECURITY UPDATE: Cross-Site scripting
- debian/patches/CVE-2024-22195.patch: disallow keys with spaces
in jinja2/filters.py, tests/test_filters.py.
- CVE-2024-22195
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Thu, 18 Jan 2024 08:40:53 -0300
jinja2 (3.1.2-1) unstable; urgency=medium
[ Thomas Goirand ]
* Add python3-pytest as build-depends (now run tests at build time).
* Add autopkgtest.
[ Piotr Ożarowski ]
* New upstream release (closes: 1025808, 1023637)
* Add 0003-fix-nose-leftovers patch
* Bump minimum required python3-pallets-sphinx-themes build dependency
(closes: 1005864)
-- Piotr Ożarowski <piotr@debian.org> Fri, 24 Feb 2023 16:15:45 +0100
jinja2 (3.0.3-2) unstable; urgency=medium
* Team upload.
* Downgrading python3-babel from depends to recommends (Closes: #1019580).
-- Thomas Goirand <zigo@debian.org> Tue, 13 Sep 2022 10:26:29 +0200
jinja2 (3.0.3-1) unstable; urgency=medium
* New upstream release
-- Piotr Ożarowski <piotr@debian.org> Fri, 11 Feb 2022 13:50:47 +0100
jinja2 (3.0.1-2) unstable; urgency=medium
* Uploading to unstable.
-- Thomas Goirand <zigo@debian.org> Fri, 01 Oct 2021 11:22:02 +0200
jinja2 (3.0.1-1) experimental; urgency=medium
[ Debian Janitor ]
* Remove constraints unnecessary since stretch:
+ Build-Depends: Drop versioned constraint on python-setuptools.
[ Thomas Goirand ]
* Team upload.
* New upstream release.
* Ran wrap-and-sort -bastk.
* Fixed (build-)depends for this release.
* Killed the python2 package.
* Rebase patches:
- re-wrote py3.9-fix-collections-import.patch
- refreshed 0002-docs-disable-sphinxcontrib.log_cabinet.patch
* Use debian/jinja.vim instead of the one upstream, gone in this version.
-- Thomas Goirand <zigo@debian.org> Fri, 17 Sep 2021 23:25:00 +0200
jinja2 (2.11.3-1) unstable; urgency=medium
* Team upload.
[ Ondřej Nový ]
* d/control: Update Vcs-* fields with new Debian Python Team Salsa
layout.
[ Debian Janitor ]
* Apply multi-arch hints.
+ python-jinja2-doc: Add Multi-Arch: foreign.
[ Sandro Tosi ]
* Use the new Debian Python Team contact name and address
[ Hans-Christoph Steiner ]
* New upstream release
-- Hans-Christoph Steiner <hans@eds.org> Mon, 01 Mar 2021 12:05:52 +0100
jinja2 (2.11.2-1) unstable; urgency=medium
* New upstream release
-- Piotr Ożarowski <piotr@debian.org> Thu, 04 Jun 2020 19:31:21 +0200
jinja2 (2.11.1-1) unstable; urgency=medium
[ Thomas Goirand ]
* py3.9-fix-collections-import.patch: correctly "except ImportError:"
everywhere in the patch.
[ Salman Mohammadi ]
* d/control: change python-jinja2-doc to recommend python3-jinja2
(closes: 951672)
[ Piotr Ożarowski ]
* New upstream release
* Add python3-pallets-sphinx-themes and python3-sphinx-issues to Build-Depends
* Add patch to disable sphinxcontrib.log_cabinet for now as it's not
packaged in Debian yet (versionadded, versionchanged, deprecated
directives in changelog will not be used)
* Move Vim syntax files to python3-jinja2 package
* Standards-version bumped to 4.5.0 (no other changes needed)
-- Piotr Ożarowski <piotr@debian.org> Thu, 02 Apr 2020 13:35:21 +0200
jinja2 (2.10.1-2) unstable; urgency=medium
[ Ondřej Nový ]
* Use debhelper-compat instead of debian/compat.
* Bump Standards-Version to 4.4.1.
[ Thomas Goirand ]
* Team upload.
* Add py3.9-fix-collections-import.patch (Closes: #949018).
-- Thomas Goirand <zigo@debian.org> Thu, 27 Feb 2020 11:49:32 +0100
jinja2 (2.10.1-1) unstable; urgency=medium
[ Ondřej Nový ]
* d/control: Set Vcs-* to salsa.debian.org
* d/changelog: Remove trailing whitespaces
* d/control: Remove ancient X-Python-Version field
* d/control: Remove ancient X-Python3-Version field
* Convert git repository from git-dpm to gbp layout
[ Piotr Ożarowski ]
* New upstream release
* Standards-version bumped to 4.4.0 (no other changes needed)
-- Piotr Ożarowski <piotr@debian.org> Wed, 10 Jul 2019 22:34:15 +0200
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog python3-jinja2`.
Generated by dwww version 1.16 on Mon Dec 15 20:50:09 CET 2025.