PyCharm 2020.3.4 Is Out!
This release is dedicated to fixing bugs and enhancing performance. We are also working on implementing the concept of trusted projects, which is designed to mitigate the risks associated with opening projects from unknown and untrusted sources.
The simple act of opening a project in the IDE can lead to the automatic execution of code from the project’s virtual environment, specifically its activation script. This can pose a significant risk if a malicious actor creates the project. Unfortunately, the risk is not merely hypothetical. There have been recent attempts to attack security researchers by sending them Visual Studio projects containing malicious code.
We’ve introduced the concept of Trusted Projects to mitigate these risks. When you open an imported or cloned project that contains a virtual environment, PyCharm doesn’t execute the auto-configuration of the virtual environment. Instead, it first checks whether the project is from a trusted location. If the project folder is not listed as a trusted location, PyCharm won’t proceed with the auto-configuration of its interpreter. Instead, PyCharm will let you decide whether to use the project’s interpreter or configure another Python interpreter instead.
PyCharm makes it possible to identify trusted locations in Preferences/Settings | Build, Execution, Deployment | Trusted Locations. Projects in directories specified as “Trusted Locations” are always considered trusted. To ensure that the projects are treated as untrusted only in unusual circumstances, we recommend adding the directory where you usually create projects to your trusted locations.
Other notable improvements
- Apple ARM chip (Apple Silicon): the OS X Keychain is now accessible from your IDE. [IDEA-258912]
- Code insight: inspections work as expected for decorators defined as classes. [PY-46768]
- Pytest: failed tests for run configurations with additional arguments can now be rerun without errors. [PY-46006]
- Markdown: all characters are now rendered correctly in the preview tab. [IDEA-258796]
- Docker: we’ve fixed the issue causing log spamming when disconnecting from Docker. [IDEA-259400]
- Web development: the Vue.js plugin no longer breaks HTML templating. [PY-46857]
You can refer to the release notes for a full list of issues resolved in this version. Update to v2020.3.3 now, and don’t forget to share your feedback with us in the comments to this post or post your suggestions to our issue tracker.