Merge pull request #65 from python-hyper/release/1.4.0

Release v1.4.0 and document with release notes

Author: sigmavirus24

docs/source/release-notes/1.4.0.rst

@@ -0,0 +1,39 @@
+1.3.0 -- 2020-04-07
+-------------------
+
+Security
+~~~~~~~~
+
+- Prevent users from receiving an invalid authority parsed from a malicious
+  URL. Previously we did not stop parsing the authority section at the first
+  backslash (``\\``) character. As a result, it was possible to trick our
+  parser into parsing up to the first forward-slash (``/``) and thus 
+  generating an invalid authority.
+
+  See also `GitHub pr-64`_ and `the blog post that sparked this change`_
+
+Bug Fixes and Features
+~~~~~~~~~~~~~~~~~~~~~~
+
+- Add ``from_uri`` to ``URIBuilder`` to allow creation of a ``URIBuilder``
+  from an existing URI.
+
+  See also `GitHub pr-63`_
+
+- Fix a typographical error in our documentation.
+
+  See also `GitHub pr-61`_
+
+.. links
+
+.. _GitHub pr-61:
+    https://github.com/python-hyper/rfc3986/pull/61
+
+.. _GitHub pr-63:
+    https://github.com/python-hyper/rfc3986/pull/63
+
+.. _GitHub pr-64:
+    https://github.com/python-hyper/rfc3986/pull/64
+
+.. _the blog post that sparked this change:
+    https://bugs.xdavidhu.me/google/2020/03/08/the-unexpected-google-wide-domain-check-bypass/

docs/source/release-notes/index.rst

@@ -10,6 +10,7 @@ here with the newest releases first.
 
 .. toctree::
 
+    1.4.0
     1.3.2
     1.3.1
     1.3.0

src/rfc3986/__init__.py

@@ -35,8 +35,8 @@
 __author__ = 'Ian Stapleton Cordasco'
 __author_email__ = '[email protected]'
 __license__ = 'Apache v2.0'
-__copyright__ = 'Copyright 2014 Rackspace'
-__version__ = '1.3.2'
+__copyright__ = 'Copyright 2014 Rackspace; 2016 Ian Stapleton Cordasco'
+__version__ = '1.4.0'
 
 __all__ = (
     'ParseResult',