Version 0.4.1 of distlib has recently been released on PyPI. It contains an important security fix, so please update as soon as possible.
For newcomers, distlib is a library of packaging functionality which is intended to be usable as the basis for third-party packaging tools.
The main changes in this release are as follows:
- Fix path traversal bug in handling entry points which allowed escaping the scripts directory. Thanks to tonghuaroot for the comprehensive report.
- Fix #251: Change test function following a reorganization which happened in the Python stdlib.
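A defensive check for the class of bug fixed in the first item, as an added example that is not distlib's code or its actual fix: it audits the script names in an entry-points file and flags any whose script would be written outside the scripts directory. The sample file, the function names and the scripts path are constructed for illustration.

```python
import configparser
import os

# Constructed sample of an entry_points.txt file (not from a real package).
SAMPLE_ENTRY_POINTS = """\
[console_scripts]
mytool = mypkg.cli:main
../../evil = mypkg.cli:main
sub/dir = mypkg.cli:main
/abs/path = mypkg.cli:main

[gui_scripts]
mygui = mypkg.gui:run
"""

SCRIPT_SECTIONS = ("console_scripts", "gui_scripts")


def is_contained(scripts_dir, name):
    """Return True if a script called `name` would be written inside scripts_dir."""
    if not name or name in (".", ".."):
        return False
    # A script name is a single file name: reject separators of either flavour.
    if "/" in name or "\\" in name or "\0" in name:
        return False
    # Second layer: resolve symlinks and confirm the target stays under the base.
    base = os.path.realpath(scripts_dir)
    target = os.path.realpath(os.path.join(base, name))
    return target != base and os.path.commonpath([base, target]) == base


def audit_entry_points(text, scripts_dir):
    """Return (section, name) pairs whose script path would leave scripts_dir."""
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    parser.optionxform = str  # keep script names exactly as written
    parser.read_string(text)
    flagged = []
    for section in SCRIPT_SECTIONS:
        if parser.has_section(section):
            for name in parser[section]:
                if not is_contained(scripts_dir, name):
                    flagged.append((section, name))
    return flagged
```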
A more detailed change log is available here.
Please try it out, and if you find any problems or have any suggestions for improvements, please give some feedback using the issue tracker!