This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.
PyPI: https://pypi.org/project/Jinja2/3.1.4/
Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4
- The
xmlattrfilter does not allow keys with/solidus,>greater-than sign, or=equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj