5.4.0b2 release
diff --git a/CHANGES b/CHANGES
index f3facb1..770aad9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,18 @@
* https://github.com/yaml/pyyaml/commits/
* https://bitbucket.org/xi/pyyaml/commits/
+5.4b2 (2021-01-14)
+
+* Update Copyright year to 2021
+
+5.4b1 (2021-01-13)
+
+* https://github.com/yaml/pyyaml/pull/407 -- build modernization, remove distutils, fix metadata, build wheels, CI to GHA
+* https://github.com/yaml/pyyaml/pull/472 -- fix for CVE-2020-14343, moves arbitrary python tags to UnsafeLoader
+* https://github.com/yaml/pyyaml/pull/441 -- fix memory leak in implicit resolver setup
+* https://github.com/yaml/pyyaml/pull/392 -- fix py2 copy support for timezone objects
+* https://github.com/yaml/pyyaml/pull/378 -- fix compatibility with Jython
+
5.3.1 (2020-03-18)
* https://github.com/yaml/pyyaml/pull/386 -- Prevents arbitrary code execution during python/object/new constructor
diff --git a/LICENSE b/LICENSE
index 3d82c28..2f1b8e1 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2017-2020 Ingy döt Net
+Copyright (c) 2017-2021 Ingy döt Net
Copyright (c) 2006-2016 Kirill Simonov
Permission is hereby granted, free of charge, to any person obtaining a copy of
diff --git a/announcement.msg b/announcement.msg
index 1e32b3c..245f4a1 100644
--- a/announcement.msg
+++ b/announcement.msg
@@ -1,25 +1,37 @@
-From: Tina Müller <post@tinita.de>
+From: Ingy döt Net <ingy@ingy.net>
To: python-list@python.org, python-announce@python.org, yaml-core@lists.sourceforge.net
-Subject: [ANN] PyYAML-5.3.1: YAML parser and emitter for Python
+Subject: [ANN] PyYAML-5.4b2: Linux and Mac users, please test!
=======================
-Announcing PyYAML-5.3.1
+Announcing PyYAML-5.4b2
=======================
-A new release of PyYAML is now available:
-https://pypi.org/project/PyYAML/
+A beta release of PyYAML is now available:
+https://github.com/yaml/pyyaml/releases/tag/5.4b2
-This release contains a security fix for CVE-2020-1747. FullLoader was still
-exploitable for arbitrary command execution.
-https://bugzilla.redhat.com/show_bug.cgi?id=1807367
+This release contains a security fix for CVE-2020-14343. It removes the
+python/module, python/object, and python/object/new tags from the FullLoader.
+YAML that uses these tags must be loaded by UnsafeLoader, or a custom loader
+that has explicitly enabled them.
-Thanks to Riccardo Schirone (https://github.com/ret2libc) for both reporting
-this and providing the fixes to resolve it.
+This beta release also adds Python wheels for manylinux1 (x86_64) and
+MacOS (x86_64) with the libyaml extension included (built on libyaml 0.2.5).
+We believe these wheels to be stable, but please take the opportunity to test
+against your local Linux and MacOS environments, and file any issues at
+https://github.com/yaml/pyyaml/issues.
+
+PyYAML 5.4 will be the last release to support Python 2.7.
+
Changes
=======
-* https://github.com/yaml/pyyaml/pull/386 -- Prevents arbitrary code execution during python/object/new constructor
+* Update Copyright year to 2021
+* https://github.com/yaml/pyyaml/pull/407 -- build modernization, remove distutils, fix metadata, build wheels, CI to GHA
+* https://github.com/yaml/pyyaml/pull/472 -- fix for CVE-2020-14343, moves arbitrary python tags to UnsafeLoader
+* https://github.com/yaml/pyyaml/pull/441 -- fix memory leak in implicit resolver setup
+* https://github.com/yaml/pyyaml/pull/392 -- fix py2 copy support for timezone objects
+* https://github.com/yaml/pyyaml/pull/378 -- fix compatibility with Jython
Resources
@@ -55,6 +67,7 @@
Example
=======
+```
>>> import yaml
>>> yaml.full_load("""
@@ -72,7 +85,7 @@
homepage: https://github.com/yaml/pyyaml
description: YAML parser and emitter for Python
keywords: [YAML, serialization, configuration, persistence, pickle]
-
+```
Maintainers
===========
@@ -89,7 +102,7 @@
Copyright
=========
-Copyright (c) 2017-2020 Ingy döt Net <ingy@ingy.net>
+Copyright (c) 2017-2021 Ingy döt Net <ingy@ingy.net>
Copyright (c) 2006-2016 Kirill Simonov <xi@resolvent.net>
The PyYAML module was written by Kirill Simonov <xi@resolvent.net>.
diff --git a/lib/yaml/__init__.py b/lib/yaml/__init__.py
index 6da15d8..4754c21 100644
--- a/lib/yaml/__init__.py
+++ b/lib/yaml/__init__.py
@@ -8,7 +8,7 @@
from loader import *
from dumper import *
-__version__ = '5.4.0a0'
+__version__ = '5.4b2'
try:
from cyaml import *
diff --git a/lib3/yaml/__init__.py b/lib3/yaml/__init__.py
index 98b662c..a399f1c 100644
--- a/lib3/yaml/__init__.py
+++ b/lib3/yaml/__init__.py
@@ -8,7 +8,7 @@
from .loader import *
from .dumper import *
-__version__ = '5.4.0a0'
+__version__ = '5.4b2'
try:
from .cyaml import *
__with_libyaml__ = True
diff --git a/setup.py b/setup.py
index 296b599..fccc95f 100644
--- a/setup.py
+++ b/setup.py
@@ -1,6 +1,6 @@
NAME = 'PyYAML'
-VERSION = '5.4.0a0'
+VERSION = '5.4b2'
DESCRIPTION = "YAML parser and emitter for Python"
LONG_DESCRIPTION = """\
YAML is a data serialization format designed for human readability