Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dev env: update urllib3 to 1.24.2 or later #4379

Closed
emkll opened this issue Apr 25, 2019 · 0 comments · Fixed by #4665
Closed

Dev env: update urllib3 to 1.24.2 or later #4379

emkll opened this issue Apr 25, 2019 · 0 comments · Fixed by #4665
Labels
security

Comments

@emkll
Copy link
Contributor

emkll commented Apr 25, 2019

Description

There's a high severity CVE associated with the version of urllib3 used CVE-2019-11324. While we only use this dependency in the development environment, we should update the dependency anyways. This does not affect production SecureDrop instances instances.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update urllib3 to 1.25.3 rmol/securedrop
2 participants
@redshiftzero @emkll