web2py 3.2.2


Massimo Di Pierro

1:28 AM (11 hours ago)
to web2py-users
As you know web2py is end of life and we recommend moving to py4web.com.
In any case, we received a report of two minor security vulnerabilities from user ggufamin so we fixed them and released a new web2py 3.2.2 version.

The vulnerabilities are minor and should not have affected anybody:

1) An eval in gluon/contrib/spreadsheet.py. I do not expect anybody to be using spreadsheet.py, which was only a proof of concept. I have therefore deleted the file in 3.2.2.

2) An eval in gluon/languages.py. This allows execution of arbitrary code in a language file if the ast module is missing. If you are using python3 the ast module is never missing. Moreover, your users cannot inject code in your language files. In any case the eval() has been removed since we only support python 3 now.

Massimo
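
The behaviour described in point 2, as an added example that is not part of the original post and is not web2py's own code: a language file is parsed with `ast.literal_eval` only, with no `eval()` fallback, and is rejected unless it is a plain dict of strings. It assumes a language file is a Python dict literal mapping strings to strings; the function names and the sample files are constructed for illustration.

```python
import ast

# Constructed sample language file (not taken from web2py).
GOOD_FILE = """{
'Hello': 'Ciao',
'Welcome %s': 'Benvenuto %s',
}
"""

# Constructed: same shape, but one value is a call expression, not a literal.
# eval() would execute the call; ast.literal_eval() refuses to.
BAD_FILE = """{
'Hello': 'Ciao'.upper(),
}
"""


class LanguageFileError(ValueError):
    """Raised when language-file text is not a plain dict of strings."""


def load_language_text(text):
    """Parse language-file text without ever executing it.

    Hypothetical helper: literals only, and deliberately no eval() fallback.
    """
    if not text.strip():
        return {}
    try:
        data = ast.literal_eval(text)
    except (ValueError, SyntaxError, MemoryError, RecursionError) as exc:
        raise LanguageFileError("not a Python literal: %s" % exc) from exc
    if not isinstance(data, dict):
        raise LanguageFileError("top-level value must be a dict")
    for key, value in data.items():
        if not isinstance(key, str) or not isinstance(value, str):
            raise LanguageFileError("non-string entry: %r" % (key,))
    return data


def is_safe_language_text(text):
    """Return True if the text loads as a dict of strings, False otherwise."""
    try:
        load_language_text(text)
        return True
    except LanguageFileError:
        return False
```
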