Rev to django~=2.2.23 for cve and bug fixes. #772
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bump from LTS 2.2.20 to 2.2.23 2.2.21 included some security improvements but also a new django bug that caused a bug in pulpcore https://pulp.plan.io/issues/8691 2.2.22 has fix for: CVE-2021-32052 django: header injection possibility since URLValidator accepted newlines in input on Python. But 2.2.22 still had the bug introduced in 2.2.21 2.2.23 resolves the issue that causes https://pulp.plan.io/issues/8691 Issue: AAH-601 Issue: AAH-583 Issue: AAH-584
alikins
requested review from
awcrosby,
rochacbruno,
chouseknecht and
newswangerd
alikins
added
backport-4.3
awcrosby
approved these changes
May 13, 2021
Backport to stable-4.3: 💚 backport PR created✅ Backport PR branch: Backported as #773 🤖 @patchback |
patchback bot
pushed a commit
that referenced
this pull request
May 13, 2021
Bump from LTS 2.2.20 to 2.2.23 2.2.21 included some security improvements but also a new django bug that caused a bug in pulpcore https://pulp.plan.io/issues/8691 2.2.22 has fix for: CVE-2021-32052 django: header injection possibility since URLValidator accepted newlines in input on Python. But 2.2.22 still had the bug introduced in 2.2.21 2.2.23 resolves the issue that causes https://pulp.plan.io/issues/8691 Issue: AAH-601 Issue: AAH-583 Issue: AAH-584 (cherry picked from commit 7f93d26)
alikins
added a commit
that referenced
this pull request
May 13, 2021
Bump from LTS 2.2.20 to 2.2.23 2.2.21 included some security improvements but also a new django bug that caused a bug in pulpcore https://pulp.plan.io/issues/8691 2.2.22 has fix for: CVE-2021-32052 django: header injection possibility since URLValidator accepted newlines in input on Python. But 2.2.22 still had the bug introduced in 2.2.21 2.2.23 resolves the issue that causes https://pulp.plan.io/issues/8691 Issue: AAH-601 Issue: AAH-583 Issue: AAH-584 (cherry picked from commit 7f93d26) Co-authored-by: Adrian Likins <alikins@redhat.com>
newswangerd
added
the
backported-4.3
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bump from LTS 2.2.20 to 2.2.23
2.2.21 included some security improvements but
also a new django bug that caused a bug in pulpcore
https://pulp.plan.io/issues/8691
2.2.22 has fix for:
CVE-2021-32052 django: header injection possibility
since URLValidator accepted newlines in input on Python.
But 2.2.22 still had the bug introduced in 2.2.21
2.2.23 resolves the issue that causes
https://pulp.plan.io/issues/8691
Issue: AAH-601
Issue: AAH-583
Issue: AAH-584