This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.
PyPI: https://pypi.org/project/Jinja2/3.1.6/
Changes: https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6
- The
|attrfilter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. GHSA-cpwx-vrp4-4pq7