
Fedora 42: python-jinja2 2025-bb0ea8b8c0 Security Advisory Updates

March 15, 2025
The Jinja2 template engine in Fedora 42 receives a security update for a sandbox breakout risk.

Summary

Jinja2 is a template engine written in pure Python. It provides a Django-inspired non-XML syntax but supports inline expressions and an optional sandboxed environment.

If you have any exposure to other text-based template languages, such as Smarty or Django, you should feel right at home with Jinja2. It's both designer and developer friendly by sticking to Python's principles and adding functionality useful for templating environments.

Update Information:

Version 3.1.6, released 2025-03-05: The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks.

Change Log

* Sun Mar 9 2025 Thomas Moschny - 3.1.6-1
- Update to 3.1.6.

References


[1] Bug #2350190 - CVE-2025-27516 jinja2: Jinja sandbox breakout through attr filter selecting format method
    https://bugzilla.redhat.com/show_bug.cgi?id=2350190

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-bb0ea8b8c0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
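
The dnf update replaces only the RPM-owned copy of Jinja2; copies installed with pip into virtual environments or application directories keep whatever version they were installed with. The following added example (not part of the Fedora advisory or the Jinja2 project) scans directories for Jinja2 dist-info metadata and flags any version older than the fixed 3.1.6; the function names are assumptions chosen for illustration.

```python
import re
import sys
from pathlib import Path

FIXED = (3, 1, 6)  # release named in the advisory as carrying the |attr fix

# Matches "Jinja2-3.1.5.dist-info" and the normalized "jinja2-3.1.5.dist-info";
# group 1 is the numeric release, group 2 any suffix such as "rc1" or ".post1".
DIST_INFO = re.compile(r"^jinja2-(\d+(?:\.\d+)*)(.*)\.dist-info$", re.IGNORECASE)
PRERELEASE = re.compile(r"\.?(a|b|rc|dev)\d*$")


def parse_release(text):
    """Turn '3.1.5' into (3, 1, 5), padding short versions with zeros."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def find_jinja2(roots):
    """Return sorted (path, version, fixed) tuples for Jinja2 copies under roots."""
    found = []
    for root in roots:
        for entry in Path(root).rglob("*.dist-info"):
            match = DIST_INFO.match(entry.name)
            if not match:
                continue
            release, suffix = parse_release(match.group(1)), match.group(2)
            # A pre-release of 3.1.6 itself predates the final fixed release.
            pre = bool(PRERELEASE.match(suffix))
            fixed = release > FIXED or (release == FIXED and not pre)
            found.append((str(entry), match.group(1) + suffix, fixed))
    return sorted(found)


if __name__ == "__main__":
    # Scan the directories given as arguments, else this interpreter's import path.
    roots = sys.argv[1:] or [p for p in sys.path if Path(p).is_dir()]
    results = find_jinja2(roots)
    for path, version, fixed in results:
        print(f"{'ok' if fixed else 'needs-update':12} {version:10} {path}")
    sys.exit(1 if any(not fixed for _, _, fixed in results) else 0)
```

Run it with the directories that hold application virtual environments as arguments; a non-zero exit status means at least one copy is older than 3.1.6.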

Severity: important

Name: python-jinja2
Product: Fedora 42
Version: 3.1.6
Release: 1.fc42
Summary: General purpose template engine
