Skip to content

Release 1.28.6.post1 (version bump + changelog) — MERGE LAST#6

Open
icanhasmath wants to merge 1 commit into
1.28.6.xfrom
1.28.6-sec-release
Open

Release 1.28.6.post1 (version bump + changelog) — MERGE LAST#6
icanhasmath wants to merge 1 commit into
1.28.6.xfrom
1.28.6-sec-release

Conversation

@icanhasmath

@icanhasmath icanhasmath commented Jun 18, 2026

Copy link
Copy Markdown
Collaborator

Final PR of the PyPDF2 1.28.6 security backport series. Bumps the version to 1.28.6.post1 (PEP 440 post-release, verified valid) and adds the CHANGELOG entry.

⚠️ Merge LAST — after fix PRs #1#5 are approved and merged into 1.28.6.x.

Covers the 14 backported DoS fixes plus the 8 not-applicable advisories (documented in the changelog). All advisories are DoS-class; no RCE / info-disclosure. See #1#5 for the actual fixes.

🤖 Generated with Claude Code

@icanhasmath @claude
Release 1.28.6.post1: security backports
8236a5a 
ActiveState security post-release on upstream PyPDF2 1.28.6. Bumps the
version to 1.28.6.post1 (PEP 440 post-release) and records the CHANGELOG
entry for the 14 backported DoS fixes (CVE-2025-55197, CVE-2026-27026,
CVE-2026-41312, CVE-2026-28804, CVE-2025-62708, CVE-2025-66019,
CVE-2026-27024, CVE-2026-31826, CVE-2026-33123, CVE-2026-22691,
CVE-2026-27628, CVE-2026-41168, CVE-2026-24688, CVE-2026-40260) and the
8 not-applicable advisories.

Merge after the five fix PRs (#1-#5) land.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@icanhasmath