• e541f2d [2.2.x] Bumped version for 2.2.27 release.
• c477b76 [2.2.x] Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads.
• c27a7eb [2.2.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag.
• 4cafd3a [2.2.x] Added stub release notes 2.2.27.
• 77d0fe5 [2.2.x] Added CVE-2021-45115, CVE-2021-45116, and CVE-2021-45452 to security ...
• e085d46 [2.2.x] Post-release version bump.
• 44e7cca 2.2.x] Bumped version for 2.2.26 release.
• 4cb35b3 [2.2.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage sub...
• c9f648c [2.2.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in dic...
• 2135637 [2.2.x] Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilari...
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• df9fd46 [2.2.x] Bumped version for 2.2.22 release.
• d9594c4 [2.2.x] Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs fro...
• 1637003 [2.2.x] Refs CVE-2021-31542 -- Skipped mock AWS storage test on Windows.
• bcafd9b [2.2.x] Added CVE-2021-31542 to security archive.
• 3931dc7 [2.2.x] Post-release version bump.
• ff1385a [2.2.x] Bumped version for 2.2.21 release.
• 04ac162 [2.2.x] Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file...
• 7f1b088 [2.2.x] Added CVE-2021-28658 to security archive.
• e95fbb6 [2.2.x] Post-release version bump.
• ad9fa56 [2.2.x] Bumped version for 2.2.20 release.
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• ff1385a [2.2.x] Bumped version for 2.2.21 release.
• 04ac162 [2.2.x] Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file...
• 7f1b088 [2.2.x] Added CVE-2021-28658 to security archive.
• e95fbb6 [2.2.x] Post-release version bump.
• ad9fa56 [2.2.x] Bumped version for 2.2.20 release.
• 4036d62 [2.2.x] Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploa...
• 6e58828 [2.2.x] Added CVE-2021-23336 to security archive.
• 1fb4628 [2.2.x] Post-release version bump.
• 21a5547 [2.2.x] Bumped version for 2.2.19 release.
• fd6b6af [2.2.x] Fixed CVE-2021-23336 -- Fixed web cache poisoning via django.utils.ht...
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• ad9fa56 [2.2.x] Bumped version for 2.2.20 release.
• 4036d62 [2.2.x] Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploa...
• 6e58828 [2.2.x] Added CVE-2021-23336 to security archive.
• 1fb4628 [2.2.x] Post-release version bump.
• 21a5547 [2.2.x] Bumped version for 2.2.19 release.
• fd6b6af [2.2.x] Fixed CVE-2021-23336 -- Fixed web cache poisoning via django.utils.ht...
• 226d831 [2.2.x] Added documentation extlink for bugs.python.org.
• 34010d8 [2.2.x] Added CVE-2021-3281 to security archive.
• 06ae7e0 [2.2.x] Post-release version bump.
• fc0c8cf [2.2.x] Bumped version for 2.2.18 release.
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• fc0c8cf [2.2.x] Bumped version for 2.2.18 release.
• 21e7622 [2.2.x] Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archiv...
• ee9d623 [2.2.x] Fixed GeoIPTest.test04_city() failure with the latest GeoIP2 database.
• e8e28e7 [2.2.x] Updated CVE URL.
• e893c0a [2.2.x] Fixed #31850 -- Fixed BasicExtractorTests.test_extraction_warning wit...
• 3da29a3 [2.2.x] Post-release version bump.
• c769f65 [2.2.x] Bumped version for 2.2.17 release.
• 3db9a7a [2.2.x] Set release date for 2.2.17.
• b4b8ca4 [2.2.x] Refs #31040 -- Doc'd Python 3.9 compatibility.
• 01742aa [2.2.x] Refs #31040 -- Fixed Python PendingDeprecationWarning in select_for_u...
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from cryptography's changelog.

3.2 - 2020-10-25

* **SECURITY ISSUE:** Attempted to make RSA PKCS#1v1.5 decryption more constant
  time, to protect against Bleichenbacher vulnerabilities. Due to limitations
  imposed by our API, we cannot completely mitigate this vulnerability and a
  future release will contain a new API which is designed to be resilient to
  these for contexts where it is required. Credit to **Hubert Kario** for
  reporting the issue. *CVE-2020-25659*
* Support for OpenSSL 1.0.2 has been removed. Users on older version of OpenSSL
  will need to upgrade.
* Added basic support for PKCS7 signing (including SMIME) via
  :class:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7SignatureBuilder`.
.. _v3-1-1:
3.1.1 - 2020-09-22

• Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1h.

.. _v3-1:

3.1 - 2020-08-26

* **BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based
  :term:`U-label` parsing in various X.509 classes. This support was originally
  deprecated in version 2.1 and moved to an extra in 2.5.
* Deprecated OpenSSL 1.0.2 support. OpenSSL 1.0.2 is no longer supported by
  the OpenSSL project. The next version of ``cryptography`` will drop support
  for it.
* Deprecated support for Python 3.5. This version sees very little use and will
  be removed in the next release.
* ``backend`` arguments to functions are no longer required and the
  default backend will automatically be selected if no ``backend`` is provided.
* Added initial support for parsing certificates from PKCS7 files with
  :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates`
  and
  :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates`
  .
* Calling ``update`` or ``update_into`` on
  :class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with ``data``
  longer than 2\ :sup:`31` bytes no longer raises an ``OverflowError``. This
  also resolves the same issue in :doc:`/fernet`.
.. _v3-0:
3.0 - 2020-07-20
</tr></table>

... (truncated)

• c9e6522 3.2 release (#5508)
• 58494b4 Attempt to mitigate Bleichenbacher attacks on RSA decryption (#5507)
• cf9bd6a move blinding to init on both RSA public and private (#5506)
• bf4b962 be more verbose in the 102 deprecation notice (#5505)
• ada53e7 make the regexes for branches more strict (#5504)
• 8be1d4b Stop using @master for GH actions (#5503)
• 08a97cc Bump actions/upload-artifact from v1 to v2.2.0 (#5502)
• 52a0e44 Add a dependabot configuration to bump our github actions (#5501)
• 611c4a3 PKCS7SignatureBuilder now supports new option NoCerts when signing (#5500)
• 836a92a chunking didn't actually work (#5499)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• 2da029d [2.2.x] Bumped version for 2.2.24 release.
• f27c38a [2.2.x] Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.
• 053cc95 [2.2.x] Fixed CVE-2021-33203 -- Fixed potential path-traversal via admindocs'...
• 6229d87 [2.2.x] Confirmed release date for Django 2.2.24.
• f163ad5 [2.2.x] Added stub release notes and date for Django 2.2.24.
• bed1755 [2.2.x] Changed IRC references to Libera.Chat.
• 63f0d7a [2.2.x] Refs #32718 -- Fixed file_storage.test_generate_filename and model_fi...
• 5fe4970 [2.2.x] Post-release version bump.
• 61f814f [2.2.x] Bumped version for 2.2.23 release.
• b8ecb06 [2.2.x] Fixed #32718 -- Relaxed file name validation in FileField.
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from autobahn's changelog.

20.12.3

• fix: URL must be re-encoded when doing redirect (#1439)
• fix: update and migrate CI/CD pipeline to GitHub Actions
• new: minimum supported Python (language) version is now 3.6 (on CPython and PyPy)

20.12.2

• fix: derive_bip32childkey traceback (#1436)
• fix: update and adjust docker files to upstream changes

20.12.1

• new: CLI commands for WAMP IDL (xbrnetwork describe-schema / codegen-schema)
• new: add eth address helpers (#1413)
• new: cryptosign authextra allow arbitrary keys (#1411)
• fix: adapt to planet api prefix change (#1408)
• fix: Type check improve (#1405)

20.7.1

• new: add market login eip. expose helpers (#1402)

20.6.2

• fix: xbr fixes (#1396)
• fix: use cpy 3.8 for running flake in CI
• new: Ticket1392 internal attrs (#1394)
• new: internal-only router attributes and hook for router to add custom information

20.6.1

• new: massive expansion of XBR CLI and EIP712 helpers
• new: more (exhaustive) serializer cross-tripping tests
• fix: some code quality and bug-risk issues (#1379)
• fix: removed externalPort assignment when not set (#1378)
• fix: docs link in README (#1381)
• fix: docs typo frameword -> framework (#1380)
• fix: improve logging; track results on observable mixin
• new: add environmental variable that strips xbr. (#1374)
• fix: trollius is gone (#1373)
• new: added ability to disable TLS channel binding (#1368)

20.4.3

... (truncated)

• 3960cba fix deploy step
• 79ae908 fix deploy step
• bef42d9 sync (#1441)
• 268e986 migrate travis to gh actions (#1440)
• d889394 deletes deleted example from README.md (#1438)
• f7b7ad5 URL must be re-encoded when doing redirect (#1439)
• c08e9e3 fix minor docker makefile targets
• cd3c4d8 fix xbr mnemonic helper (#1437)
• e1cc990 fix dep
• 4bbc1a6 Wamp idl 3 (#1434)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• 8093aaa [2.2.x] Bumped version for 2.2.13 release.
• 07e59ca [2.2.x] Fixed CVE-2020-13254 -- Enforced cache key validation in memcached ba...
• 6d61860 [2.0.x] Fixed CVE-2020-13596 -- Fixed potential XSS in admin ForeignKeyRawIdW...
• 7e1084e [2.2.x] Added release date for 2.2.13.
• 2b69680 [2.2.x] Refs #31485 -- Backported jQuery upgrade to 3.5.1.
• 8301bc9 [2.2.x] Fixed E128, E741 flake8 warnings.
• c7bab8d [2.2.x] Fixed term warning on Sphinx 3.0.1+.
• 79baf33 [2.2.x] Fixed highlightlang deprecation warning on Sphinx 1.8+.
• 151a83e [2.2.x] Fixed CodeBlock deprecation warning on Sphinx 2.1+.
• b0d810a [2.2.x] Fixed Sphinx warnings on duplicate object descriptions.
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• b2c33a5 [2.2.x] Bumped version for 2.2.10 release.
• c67a368 [2.2.x] Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter.
• 96d6443 [2.2.x] Fixed timezones tests for PyYAML 5.3+.
• 813b33e [2.2.x] Added CVE-2019-19844 to the security archive.
• e728612 [2.2.x] Post-release version bump.
• c494d90 [2.2.x] Bumped version for 2.2.9 release.
• 4d334be [2.2.x] Fixed CVE-2019-19844 -- Used verified user email for password reset r...
• 86befcc [2.2.x] Refs #31073 -- Added release notes for 02eff7ef60466da108b1a33f1e4dc0...
• f33be1e [2.2.x] Fixed #31073 -- Prevented CheckboxInput.get_context() from mutating a...
• e8b0903 [2.2.x] Fixed #31006 -- Doc'd backslash escaping in date/time template filters.
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• 5c33000 [2.2.x] Bumped version for 2.2.28 release.
• 29a6c98 [2.2.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against...
• 2c09e68 [2.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), a...
• 8352b98 [2.2.x] Added stub release notes for 2.2.28.
• 2801f29 [2.2.x] Reverted "Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+."
• e03648f [2.2.x] Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+.
• 9d13d8c [2.2.x] Fixed typo in release notes.
• 047ece3 [2.2.x] Added CVE-2022-22818 and CVE-2022-23833 to security archive.
• 2427b2f [2.2.x] Post-release version bump.
• e541f2d [2.2.x] Bumped version for 2.2.27 release.
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from cryptography's changelog.

3.3.2 - 2021-02-07

* **SECURITY ISSUE:** Fixed a bug where certain sequences of ``update()`` calls
  when symmetrically encrypting very large payloads (>2GB) could result in an
  integer overflow, leading to buffer overflows. *CVE-2020-36242* **Update:**
  This fix is a workaround for *CVE-2021-23840* in OpenSSL, fixed in OpenSSL
  1.1.1j.
.. _v3-3-1:
3.3.1 - 2020-12-09

• Re-added a legacy symbol causing problems for older pyOpenSSL users.

.. _v3-3:

3.3 - 2020-12-08

* **BACKWARDS INCOMPATIBLE:** Support for Python 3.5 has been removed due to
  low usage and maintenance burden.
* **BACKWARDS INCOMPATIBLE:** The
  :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` and
  :class:`~cryptography.hazmat.primitives.ciphers.aead.AESGCM` now require
  64-bit to 1024-bit (8 byte to 128 byte) initialization vectors. This change
  is to conform with an upcoming OpenSSL release that will no longer support
  sizes outside this window.
* **BACKWARDS INCOMPATIBLE:** When deserializing asymmetric keys we now
  raise ``ValueError`` rather than ``UnsupportedAlgorithm`` when an
  unsupported cipher is used. This change is to conform with an upcoming
  OpenSSL release that will no longer distinguish between error types.
* **BACKWARDS INCOMPATIBLE:** We no longer allow loading of finite field
  Diffie-Hellman parameters of less than 512 bits in length. This change is to
  conform with an upcoming OpenSSL release that no longer supports smaller
  sizes. These keys were already wildly insecure and should not have been used
  in any application outside of testing.
* Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
  OpenSSL 1.1.1i.
* Python 2 support is deprecated in ``cryptography``. This is the last release
  that will support Python 2.
* Added the
  :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey.recover_data_from_signature`
  function to
  :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`
  for recovering the signed data from an RSA signature.
.. _v3-2-1:
</tr></table>

... (truncated)

• 82b6ce2 correct buffer overflows cause by integer overflow in openssl (#5747)
• 1ff0d50 re-add Cryptography_HAS_TLSEXT_HOSTNAME and bump for 3.3.1 (#5625)
• 7e8fff7 Prepare for 3.3 release (#5603)
• b5278c9 Fixed DH tests for latest CentOS FIPS OpenSSL (#5604)
• 6693d55 Add support for RSA signature recovery (#5573)
• 8686d52 Document that PKCS1v1.5 is not constant time (#5600)
• 1be144a bump cffi minimum version to help out pyopenssl (#5598)
• 96f2d96 remove legacy debugging code from setup.py (#5597)
• 2660f93 Document that Firefox doesn't support unencrypted pkcs12 (#5596)
• a209669 Added tls bindings for new OpenSSL APIs (#5595)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.