Skip to content

Commit e278bc0

Browse files
committed
Release v1.1.3: Multiple security fixes
- CVE-2026-23879: Arbitrary File Write Vulnerability in py7zr (high severity) - CVE-2026-55206: O(n^2) algorithmic complexity DoS in PackInfo._read() in py7zr - CVE-2026-55195: py7zr <= 1.1.2: Decompression bomb (zip bomb) denial of service via unchecked extraction size
1 parent e4a225b commit e278bc0

1 file changed

Lines changed: 5 additions & 1 deletion

File tree

docs/Changelog.rst

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,9 @@ All notable changes to this project will be documented in this file.
99
`Unreleased`_
1010
=============
1111

12+
`v1.1.3`_
13+
=========
14+
1215
Security
1316
--------
1417

@@ -224,7 +227,8 @@ Changed
224227

225228

226229
.. History links
227-
.. _Unreleased: https://github.com/miurahr/py7zr/compare/v1.1.2...HEAD
230+
.. _Unreleased: https://github.com/miurahr/py7zr/compare/v1.1.3...HEAD
231+
.. _v1.1.3: https://github.com/miurahr/py7zr/compare/v1.1.2..v1.1.3
228232
.. _v1.1.2: https://github.com/miurahr/py7zr/compare/v1.1.1..v1.1.2
229233
.. _v1.1.1: https://github.com/miurahr/py7zr/compare/v1.1.0..v1.1.1
230234
.. _v1.1.0: https://github.com/miurahr/py7zr/compare/v1.0.0..v1.1.0

0 commit comments

Comments
 (0)