Fix vulnerable dependencies #294

Merged
merged 1 commit into from
Oct 29, 2019
Conversation

@dethos dethos (Collaborator) commented Oct 13, 2019

Updated django and whitenoise to avoid:

36885: django <1.11.19,>=1.11.0 resolved (1.11.16 installed)!
Django 1.11.x before 1.11.19 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.

37261: django <1.11.22,>1.11 resolved (1.11.16 installed)!
An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.

37275: whitenoise <4.1.3 resolved (3.3.0 installed)!
whitenoise 4.1.3 change: Fix potential path traversal attack while running in autorefresh mode on Windows
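As an added example (not code from this PR or from the project), a small checker that evaluates pinned versions against the affected-range specifiers exactly as the scanner output above prints them; the advisory ids, ranges and installed versions are the ones quoted in the PR, and the minimum fixed version is taken to be each range's `<` upper bound.

```python
import re

# Affected ranges as quoted in the PR description (page values).
ADVISORIES = {
    "36885": ("django", "<1.11.19,>=1.11.0"),
    "37261": ("django", "<1.11.22,>1.11"),
    "37275": ("whitenoise", "<4.1.3"),
}
# Versions the scanner reported as installed before this PR (page values).
PINNED_BEFORE = {"django": "1.11.16", "whitenoise": "3.3.0"}

_OPS = {
    "<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b, ">=": lambda a, b: a >= b,
    "==": lambda a, b: a == b, "!=": lambda a, b: a != b,
}


def parse_version(v):
    """Numeric dotted versions only, padded so that 1.11 compares equal to 1.11.0."""
    parts = [int(p) for p in v.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected(installed, spec):
    """True if `installed` satisfies every comma-separated clause of the range."""
    v = parse_version(installed)
    for clause in spec.split(","):
        m = re.fullmatch(r"(<=|>=|==|!=|<|>)\s*([0-9.]+)", clause.strip())
        if not m:
            raise ValueError(f"unsupported specifier: {clause!r}")
        op, bound = m.groups()
        if not _OPS[op](v, parse_version(bound)):
            return False
    return True


def scan(pins):
    """Return {advisory_id: package} for every advisory matching a pinned version."""
    return {adv: pkg for adv, (pkg, spec) in ADVISORIES.items()
            if pkg in pins and is_affected(pins[pkg], spec)}


def minimum_fixed_version(spec):
    """Smallest version outside the range: its strict '<' upper bound, if any."""
    for clause in spec.split(","):
        clause = clause.strip()
        if clause.startswith("<") and not clause.startswith("<="):
            return clause[1:].strip()
    return None
```

Running `scan(PINNED_BEFORE)` reproduces all three findings; an upper bound that is reached (e.g. django 1.11.19 against 36885) is correctly reported as no longer affected while 37261 still matches.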

@pjaneiro pjaneiro merged commit cb0d1b0 into master Oct 29, 2019
@pjaneiro pjaneiro deleted the fix-vulnerable-dependencies branch October 29, 2019 19:54