Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade cryptography to 2.7 #3141

Merged
merged 1 commit into from Aug 12, 2019
Merged

Upgrade cryptography to 2.7 #3141

merged 1 commit into from Aug 12, 2019

Conversation

@caseycesari
Copy link
Member

caseycesari commented Aug 9, 2019

Overview

In #3139, cryptography was upgraded from 2.1.4 to 2.2.1 to satisfy a requirement of pyOpenSSL 19.0.0. However, upgrading to that version of cryptography did not fix the security vulnerability, which was patched in 2.3.1. The library is updated again here, to the latest version available, to remedy the vulnerability.

Connects #3101

Testing Instructions

  • Run vagrant reload app services worker --reprovision
  • Run the local development services, visit the app, and verify it generally works.

Checklist

  • All JavaScript tests pass ./scripts/testem.sh
In #3139, cryptography was upgraded from 2.1.4 to 2.2.1 to satisfy a
requirement of pyOpenSSL 19.0.0. However, upgrading to that version of
cryptography did not fix the security vulnerability, which was patched
in 2.3.1. The library is updated again here to remedy the vulnerability.

Refs #3101
@caseycesari caseycesari requested a review from rajadain Aug 9, 2019
@rajadain

This comment has been minimized.

Copy link
Member

rajadain commented Aug 12, 2019

Taking a look now.

@rajadain rajadain added the WPF label Aug 12, 2019
@rajadain

This comment has been minimized.

Copy link
Member

rajadain commented Aug 12, 2019

+1 tested, ran a number of SSL operations including Monitor, SRAT, and HydroShare Export and they all worked correctly.

@rajadain rajadain assigned caseycesari and unassigned rajadain Aug 12, 2019
@caseycesari

This comment has been minimized.

Copy link
Member Author

caseycesari commented Aug 12, 2019

Thanks!

@caseycesari caseycesari merged commit c0b39bb into develop Aug 12, 2019
2 checks passed
2 checks passed
default Build finished.
Details
model-my-watershed-pull-requests Build #4081 succeeded in 9 min 34 sec
Details
@caseycesari caseycesari deleted the cpc/upgrade-crypto branch Aug 12, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.