Upgrade dependencies with security releases #2526
Labels
status: accepted
This issue has been accepted for implementation
type: bug
A confirmed report of unexpected behavior in the application
GitHub is reporting that 2 of the fixed version dependencies of Netbox have security upgrades and both are marked as high severity by GitHub.
Paramiko (CVE-2018-1000805)
Vulnerable versions: >= 2.4.0, < 2.4.2
Patched version: 2.4.2
pycryptodome (CVE-2018-15560)
Vulnerable versions: < 3.6.6
Patched version: 3.6.6
In both cases the requirements.txt file is forcing the exact version and doesn't allow for an easier upgrade. Take into consideration also the possibility to relax a bit those requirements to allow for patch version upgrades at least.
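The check below is an added example, not part of this issue or of the NetBox code base. It parses exact `==` pins from a requirements file, compares them against the two advisory ranges quoted in the issue (paramiko >= 2.4.0, < 2.4.2, patched in 2.4.2; pycryptodome < 3.6.6, patched in 3.6.6), and suggests a PEP 440 compatible-release specifier (`~=X.Y.Z`) that pins to the patched release while still allowing later patch-level upgrades. The requirements text in the block is a constructed sample; it does not reproduce NetBox's actual pins.

```python
"""
Added example (not part of the NetBox issue or the NetBox project): audit exact
pins in a requirements.txt against the advisory ranges quoted in the issue and
suggest a compatible-release specifier that allows patch upgrades.
"""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# Advisory data as quoted in the issue: (lower bound of vulnerable range or
# None, first patched version). Versions are compared as integer tuples.
ADVISORIES = {
    "paramiko": {"cve": "CVE-2018-1000805", "min": (2, 4, 0), "fixed": (2, 4, 2)},
    "pycryptodome": {"cve": "CVE-2018-15560", "min": None, "fixed": (3, 6, 6)},
}

# Matches an exact pin such as "paramiko==2.4.1", with an optional trailing comment.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9.]*[0-9])\s*(?:#.*)?$")


def parse_version(text: str) -> Version:
    """Turn 'X.Y.Z' into an integer tuple so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def parse_pins(requirements: str) -> Dict[str, Version]:
    """Return {normalized package name: version} for every exact (==) pin."""
    pins: Dict[str, Version] = {}
    for line in requirements.splitlines():
        match = PIN_RE.match(line)
        if match:
            name = match.group(1).lower().replace("_", "-")
            pins[name] = parse_version(match.group(2))
    return pins


def is_vulnerable(name: str, version: Version) -> Optional[str]:
    """Return the CVE id if the pinned version falls in the advisory range."""
    advisory = ADVISORIES.get(name)
    if advisory is None:
        return None
    below_fix = version < advisory["fixed"]
    at_or_above_min = advisory["min"] is None or version >= advisory["min"]
    return advisory["cve"] if below_fix and at_or_above_min else None


def relaxed_specifier(name: str, version: Version) -> str:
    """Suggest 'name~=X.Y.Z': at least the patched release, same minor series."""
    target = max(version, ADVISORIES[name]["fixed"])
    return f"{name}~={'.'.join(str(p) for p in target)}"


def audit(requirements: str) -> List[Tuple[str, str, str]]:
    """Return (name, cve, suggested specifier) for each vulnerable exact pin."""
    findings = []
    for name, version in sorted(parse_pins(requirements).items()):
        cve = is_vulnerable(name, version)
        if cve:
            findings.append((name, cve, relaxed_specifier(name, version)))
    return findings


# Constructed sample in the style the issue describes (exact pins); these are
# illustrative values, not NetBox's real requirements.txt.
SAMPLE_REQUIREMENTS = """\
Django==2.0.8
paramiko==2.4.1
pycryptodome==3.6.1
"""

if __name__ == "__main__":
    for pkg, cve, spec in audit(SAMPLE_REQUIREMENTS):
        print(f"{pkg}: {cve} -> consider '{spec}' to allow patch upgrades")
```

`~=2.4.2` is shorthand for `>=2.4.2, ==2.4.*`, so a later 2.4.x security release installs without editing the file, while a 2.5 release that might change behaviour still requires a deliberate bump.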