Roundup Tracker - Issues

Issue 2551198

classification
mistune 3.0 support
Type: rfe Severity: normal
Components: Web interface Versions:
process
Status: new
:
: : rouilj
Priority: :

Created on 2022-04-05 02:51 by rouilj, last changed 2024-02-07 02:20 by rouilj.

Messages
msg7465 Author: [hidden] (rouilj) Date: 2022-04-05 02:51 
Only mistume 1.x is supported. Mistune 2.0 support wasn't straight forward.
I opened a ticket with mistune and they just responded.

https://github.com/lepture/mistune/issues/290#issuecomment-1086333175

so incorporate their changes into the code base.
msg7641 Author: [hidden] (rouilj) Date: 2022-09-01 20:23 
Also 0.8.4 which is the version supported has a CVE against it.

https://nvd.nist.gov/vuln/detail/CVE-2022-34749

its a DOS caused by regexp backtracking in inline formatting.

fixed in 2.2.0.
msg7937 Author: [hidden] (rouilj) Date: 2024-02-07 02:20 
In the interim mistune 3.x has been released. Might as well target 3.x with python 3.x
only.
History
Date User Action Args
2024-02-07 02:20:32rouiljsetmessages: + msg7937
title: mistune 2.0 support -> mistune 3.0 support
2022-09-01 20:23:47rouiljsetmessages: + msg7641
2022-04-05 02:51:26rouiljcreate

Supported by The Python Software Foundation,
Powered by Roundup

Last modified: Fri Feb 28 22:02:04 EST 2020