python-flask-cors (3.0.8-2ubuntu0.1+esm1) focal-security; urgency=medium

  * SECURITY UPDATE: Unauthorized Cross-Origin Access
    - debian/patches/CVE-2024-6839-1.patch: Sort paths by regex 
      specificity
    - debian/patches/CVE-2024-6839-2.patch: Sort paths longest to
      shortest
    - debian/patches/CVE-2024-6839-3.patch: Rename "helper_tests.py" to
      "test_helpers.py".
    - CVE-2024-6839
  * SECURITY UPDATE: Private Resource Exposure
    - debian/patches/CVE-2024-6221.patch: Add option to allow
      "Access-Control-Allow-Private-Network" CORS header to be false
    - CVE-2024-6221
  * SECURITY UPDATE: Information Leak
    - debian/patches/CVE-2024-6866.patch: Implements case sensitive
      request path matching
    - CVE-2024-6866
  * SECURITY UPDATE: Undefined CORS Policy Application
    - debian/patches/CVE-2024-6844.patch: Fix incorrect path normalization
    - CVE-2024-6844
  * SECURITY UPDATE: Log Injection
    - debian/patches/CVE-2024-1681.patch: Update extension.py to clean
      request.path before logging it
    - CVE-2024-1681

 -- Bruce Cable <bruce.cable@canonical.com>  Mon, 30 Jun 2025 17:13:56 +1000

python-flask-cors (3.0.8-2ubuntu0.1) focal-security; urgency=low

  * SECURITY UPDATE: Path traversal in Flask-CORS
    - flask_cors/extension.py: Fix request path normalization, [upstream
      patch by Cory Dolphin] (LP: #2012949)
    - CVE-2020-25032
  * tests/decorator/test_exception_interception.py: Fix FTBFS against
    Flask 1.1+ [upstream patch by Cory Dolphin]

 -- Dalton Durst <ubuntu-contrib@daltondur.st>  Fri, 24 Mar 2023 10:04:01 -0500

python-flask-cors (3.0.8-2) unstable; urgency=medium

  [ Ondřej Nový ]
  * Bump Standards-Version to 4.4.0.

  [ Stewart Ferguson ]
  * Bumping version to facilitate source-only upload

 -- Stewart Ferguson <stew@ferg.aero>  Tue, 30 Jul 2019 19:11:58 +0200

python-flask-cors (3.0.8-1) unstable; urgency=medium

  * Upstream release 3.0.8
  * Bumping standards-version 4.2.1 -> 4.3.0 (no changes required)
  * Bumping compat 11 -> 12 and replacing d/compat with newer build-dep
  * Adding d/upstream/metadata

 -- Stewart Ferguson <stew@ferg.aero>  Sun, 09 Jun 2019 09:29:19 +0200

python-flask-cors (3.0.7-1) unstable; urgency=medium

  * Initial release (Closes: #915789)

 -- Stewart Ferguson <stew@ferg.aero>  Wed, 05 Dec 2018 21:51:05 +0100
