Recently, a vulnerability was found in the python3 package urllib3, which is recorded as CVE-2021-33503.
The zap-cli package has a dependency on an older version of the requests package which itself depends on urllib3 versions less than v1.25.
The requests module v2.25.0 is the earliest release which allows for urllib3 v1.26.5, and since zap-cli depends on urllib3 module versions lower than v1.25, this impacts zap-cli because when we update the urllib3 module in the ZAP docker image, we begin to see the following messages during our scans:
```
/usr/local/lib/python3.8/dist-packages/requests/__init__.py:89: RequestsDependencyWarning: urllib3 (1.26.5) or chardet (3.0.4) doesn't match a supported version!
  warnings.warn("urllib3 ({}) or chardet ({}) doesn't match a supported "
```
I'm not certain what all changes will be needed in zap-cli to support this version of the requests module, possibly just incrementing the version number in setup.py will work, but we would like to collaborate to help get this dependency updated in zap-cli so that it can be incorporated into the ZAP docker image in the next release.
Please help check and advise.
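The conflict described in the issue, as an added example that is not part of the original report or of zap-cli: it classifies each parent package's urllib3 pin against the installed urllib3 version, separating "still vulnerable" from "patched, but outside the range the parent declares" (the case that triggers the warning above). The pin strings and the names `SAMPLE_PINS` and `audit` are constructed assumptions, and only plain numeric versions are handled.

```python
import operator
import re

FIXED_IN = "1.26.5"  # first urllib3 release with the CVE-2021-33503 fix
OPS = {"==": operator.eq, "!=": operator.ne, ">=": operator.ge,
       "<=": operator.le, ">": operator.gt, "<": operator.lt}

# Constructed sample pins (assumptions), modelled on the ranges in the issue.
SAMPLE_PINS = {
    "requests (old pin)": "urllib3<1.25",
    "requests (new pin)": "urllib3>=1.21.1,<1.27",
}

def parse_version(text, width=4):
    """'1.25' -> (1, 25, 0, 0); padding makes 1.25 compare equal to 1.25.0."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def parse_specifier(spec):
    """'urllib3>=1.21.1,<1.27' -> ('urllib3', [('>=', v1), ('<', v2)])."""
    name, rest = re.match(r"\s*([A-Za-z0-9_.-]+)\s*(.*)", spec).groups()
    clauses = []
    for clause in filter(None, (c.strip() for c in rest.split(","))):
        op, ver = re.match(r"(==|!=|>=|<=|>|<)\s*([\d.]+)$", clause).groups()
        clauses.append((op, parse_version(ver)))
    return name.lower(), clauses

def satisfies(version, clauses):
    """True when the version meets every clause of the specifier."""
    v = parse_version(version)
    return all(OPS[op](v, bound) for op, bound in clauses)

def audit(installed_urllib3, pins):
    """Classify each parent's urllib3 pin against the installed version."""
    patched = parse_version(installed_urllib3) >= parse_version(FIXED_IN)
    report = {}
    for parent, spec in pins.items():
        _, clauses = parse_specifier(spec)
        if not patched:
            report[parent] = "vulnerable"       # urllib3 predates the fix
        elif satisfies(installed_urllib3, clauses):
            report[parent] = "ok"               # patched and inside the pin
        else:
            report[parent] = "upgrade-parent"   # patched, pin excludes it
    return report

if __name__ == "__main__":
    for parent, status in audit("1.26.5", SAMPLE_PINS).items():
        print(f"{parent}: {status}")
```

On a live image, the real requirement strings can be read with `importlib.metadata.requires("requests")` instead of the constructed sample.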