83f1e6e201
Fixes the following security issue:
- CVE-2025-27516: Prior to 3.1.6, an oversight in how the Jinja
sandboxed environment interacts with the |attr filter allows
an attacker that controls the content of a template to execute
arbitrary Python code.
For more information, see:
- https://nvd.nist.gov/vuln/detail/CVE-2025-27516
- 90457bbf33
For more details on the version bump, see the release notes:
https://github.com/pallets/jinja/releases/tag/3.1.6
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 2d5903769f)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>