From 2d527aae09eed50fd52c6bf886a2970adb225428 Mon Sep 17 00:00:00 2001
From: Daniel Vaz Gaspar <danielvazgaspar@gmail.com>
Date: Tue, 2 Jul 2024 13:41:37 +0100
Subject: [PATCH 1/2] chore: bump dnspython to fix vulnerability (#2255)

---
 requirements/base.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements/base.txt b/requirements/base.txt
index a7cd7822e9..3821e562cd 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -22,7 +22,7 @@ colorama==0.4.6
     # via flask-appbuilder
 deprecated==1.2.14
     # via limits
-dnspython==2.4.2
+dnspython==2.6.1
     # via email-validator
 email-validator==1.3.1
     # via flask-appbuilder

From 1a85de966bb689b59e95813cce7d2a369abee26e Mon Sep 17 00:00:00 2001
From: Daniel Vaz Gaspar <danielvazgaspar@gmail.com>
Date: Mon, 19 Aug 2024 10:50:45 +0100
Subject: [PATCH 2/2] fix: rate limiter key function (#2254)

* fix: rate limiter key function

* lint
---
 flask_appbuilder/security/manager.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/flask_appbuilder/security/manager.py b/flask_appbuilder/security/manager.py
index 82423cfa4c..d046eec9f0 100644
--- a/flask_appbuilder/security/manager.py
+++ b/flask_appbuilder/security/manager.py
@@ -304,7 +304,9 @@ def __init__(self, appbuilder):
         self.limiter = self.create_limiter(app)
 
     def create_limiter(self, app: Flask) -> Limiter:
-        limiter = Limiter(key_func=get_remote_address)
+        limiter = Limiter(
+            key_func=app.config.get("RATELIMIT_KEY_FUNC", get_remote_address)
+        )
         limiter.init_app(app)
         return limiter