Update cryptography requirements.txt #597
Targeting https://nvd.nist.gov/vuln/detail/CVE-2023-5678 with the updated version of cryptography. Signed-off-by: Soren Jensen <jensen.sk@gmail.com>
It would be great if this could be resolved, as it is currently preventing many people from easily updating cryptography to resolve this vulnerability.
Any update on this? I would really like to get our security vulnerability alerts fixed. cc @ewanharris
This is now popping up on security alerts for CVE-2024-26130. It would be nice for cryptography to be updated to use 42.0.4 please. https://nvd.nist.gov/vuln/detail/CVE-2024-26130
@skjensen this should be a priority if possible please! I would expect an influx of requests to come in regarding this vulnerability. Any way someone on your team can approve this and get a pre-release setup for us to use?
This is quite important for us as well. Thanks for prioritising it and pushing this forward.
**Security** - Update cryptography requirements.txt [\#597](#597) ([skjensen](https://github.com/skjensen))
I am running into issues with this package and the
Line 14 in 6b1199f
and, auth0-python==4.7.1 also requires pyopenssl==23.2.0 here: Line 27 in 6b1199f
however, pyopenssl==23.2.0 requires cryptography>=38.0.0,<42,!=40.0.0,!=40.0.1 here: https://github.com/pyca/pyopenssl/blob/d024506289d16b1325c3c7ddfd12c2d83301815b/setup.py#L102
I think a solution would be to update
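Added example (not part of the thread or of the project's code): a small check of the conflict described in the comment above, testing a candidate cryptography version against the pyopenssl 23.2.0 specifier quoted there. The function names are hypothetical, and the comparison assumes plain numeric release versions only (no pre-release or post-release tags).

```python
import re

# Specifier quoted in the thread for pyopenssl==23.2.0.
PYOPENSSL_23_2_0 = ">=38.0.0,<42,!=40.0.0,!=40.0.1"
# cryptography version requested in the thread for CVE-2024-26130.
REQUESTED = "42.0.4"

_OPS = {
    ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b,
    "==": lambda a, b: a == b,
    "!=": lambda a, b: a != b,
    ">": lambda a, b: a > b,
    "<": lambda a, b: a < b,
}
_CLAUSE = re.compile(r"(>=|<=|==|!=|>|<)\s*([0-9]+(?:\.[0-9]+)*)")


def parse_version(text):
    """Turn '42.0.4' into (42, 0, 4); short forms like '42' are zero-padded."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def parse_specifier(spec):
    """Split a comma-separated specifier into (raw clause, operator, bound)."""
    clauses = []
    for raw in spec.split(","):
        raw = raw.strip()
        match = _CLAUSE.fullmatch(raw)
        if not match:
            raise ValueError(f"unsupported clause: {raw!r}")
        clauses.append((raw, match.group(1), parse_version(match.group(2))))
    return clauses


def failed_clauses(version, spec):
    """Return the clauses of spec that version does not satisfy."""
    v = parse_version(version)
    return [raw for raw, op, bound in parse_specifier(spec)
            if not _OPS[op](v, bound)]


if __name__ == "__main__":
    for candidate in (REQUESTED, "41.0.7", "40.0.1"):
        blocked = failed_clauses(candidate, PYOPENSSL_23_2_0)
        print(candidate, "ok" if not blocked else f"blocked by {blocked}")
```
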