2.3.4
📦 poetry
🐛 2 fixes
Summary
This release addresses a performance regression in the wheel installer and patches a critical path traversal vulnerability found during sdist extraction on specific Python versions.
🐛 Bug Fixes
- Fixed a performance regression in the wheel installer introduced in Poetry 2.3.3.
- Fixed a path traversal vulnerability in sdist extraction on Python 3.10.0-3.10.12 and 3.11.0-3.11.4 that allowed malicious tarball files to write outside the target directory.
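A pre-extraction check of the kind that guards against this class of bug, independent of what the interpreter's `tarfile` module does on its own. This is an added example, not Poetry's actual fix; `unsafe_members`, `safe_extract` and the sample member names are hypothetical, and it also covers link targets and special files beyond plain `..` names.

```python
import os
import tarfile
from typing import Iterable, List


def unsafe_members(members: Iterable[tarfile.TarInfo], dest: str) -> List[str]:
    """Return names of members that would be written, or would point, outside dest."""
    root = os.path.realpath(dest)

    def inside(path: str) -> bool:
        return os.path.commonpath([root, os.path.realpath(path)]) == root

    bad = []
    for m in members:
        target = os.path.join(root, m.name)  # an absolute m.name replaces root here
        if not inside(target):
            bad.append(m.name)
        elif m.issym() or m.islnk():
            # Symlink targets resolve from the link's directory, hard links from the archive root.
            base = os.path.dirname(target) if m.issym() else root
            if not inside(os.path.join(base, m.linkname)):
                bad.append(m.name)
        elif not (m.isfile() or m.isdir()):
            bad.append(m.name)  # device nodes, FIFOs: never needed in an sdist
    return bad


def safe_extract(archive_path: str, dest: str) -> None:
    """Extract only if every member stays inside dest; otherwise write nothing."""
    with tarfile.open(archive_path) as tar:
        bad = unsafe_members(tar.getmembers(), dest)
        if bad:
            raise ValueError(f"refusing to extract, unsafe members: {bad}")
        # Use the stdlib "data" filter as a second layer when this interpreter has it.
        extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest, **extra)


def _member(name, kind=tarfile.REGTYPE, linkname=""):
    info = tarfile.TarInfo(name)
    info.type, info.linkname = kind, linkname
    return info


# Constructed sample members (not taken from any real package).
SAMPLE = [
    _member("pkg-1.0/setup.py"),
    _member("pkg-1.0/docs", tarfile.DIRTYPE),
    _member("pkg-1.0/readme", tarfile.SYMTYPE, "README.md"),
    _member("../escape.py"),
    _member("/tmp/absolute.py"),
    _member("pkg-1.0/cfg", tarfile.SYMTYPE, "../../outside"),
    _member("pkg-1.0/dev", tarfile.CHRTYPE),
]
```

The whole archive is rejected when any member fails the check, so a partially extracted tree is never left behind.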