fix(deps): bump authlib 1.7.0 → 1.7.2 (CVE-2026-44681 / GHSA-r95x-qfjj-fjj2)#30
Merged
…j-fjj2)

Closes dependabot alert #4.

Authlib 1.7.0 contains an unauthenticated open redirect in ``OpenIDImplicitGrant.validate_authorization_request`` and ``OpenIDHybridGrant.validate_authorization_request``: when the ``openid`` scope is omitted from the authorization request, the scope check fires before client / redirect_uri validation, so the raw attacker-controlled ``redirect_uri`` is rendered as an HTTP 302 ``Location`` header. CVSS 6.1 (medium). Patched in 1.7.1; this bump lands on 1.7.2 which is the current patch in the 1.7.x line.

Cortex exposure
---------------

Cortex is **not** an OIDC authorization server. It uses ``fastmcp`` which pulls authlib in transitively, but the vulnerable code paths (``OpenIDImplicitGrant`` / ``OpenIDHybridGrant`` registration) are never invoked. Practical exploitability for Cortex deployments is zero. The bump is taken for hygiene, to close the dependabot alert, and so downstream applications that embed Cortex's lockfile do not inherit the vulnerable resolution.

Scope
-----

uv.lock only — no application source changes. The cortex package's own lock entry also moves 3.15.3 → 3.15.4 because ``uv lock`` re-resolved it against the just-released pyproject.toml; that's cosmetic catch-up, not a real bump.

References
----------

- GHSA-r95x-qfjj-fjj2: GHSA-r95x-qfjj-fjj2
- Patched in: https://github.com/authlib/authlib/releases/tag/v1.7.1
- Dependabot alert: https://github.com/cdeust/Cortex/security/dependabot/4

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
cdeust added a commit that referenced this pull request on May 13, 2026:
…n complete) (#41)

Bundles 11 merged PRs (#30-#40) since v3.15.4 closing out the ADR-2244 wiki classification cycle:

Phase 2 #31 #32 pilot migration analyzer + 1000-page verification (96.7% kind-kept, passes target)
Phase 3 #33 stable page IDs (UUID4) + redirect data model + backfill CLI
Phase 3.2 #34 handler-layer redirect mechanics (wiki_read follows transparently, wiki_list/wiki_reindex exclude stubs, new wiki_rename tool)
Phase 4.1 #35 #36 deterministic bulk migration for the 70 known pollution paths (.md.md, timestamp-slug, path-leak)
Phase 4.2 #37 file-doc re-bucket (8734 pages from notes/ to reference/ with modern frontmatter)
Phase 5 #39 filter auto-generated pages from default listings; INDEX.md splits human-authored from auto-gen
Phase 6 #38 producer audit — codebase_analyze output routes to kind=reference (root-causes the 8734-page misroute)
Phase 6.2 #40 producer audit — wiki_seed_codebase emits modern kind tags the classifier reads
Security #30 authlib CVE-2026-44681 bump (dependabot #4)

Notes for users:
- Wiki on disk not migrated yet. Apply scripts (in scripts/) are dry-run by default. Three commands to fully migrate; each is idempotent and leaves redirect stubs.
- Phases 5/6/6.2 take effect on next MCP restart.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Summary
Closes dependabot alert #4.
Authlib 1.7.0 has an unauthenticated open redirect in
`OpenIDImplicitGrant.validate_authorization_request` and `OpenIDHybridGrant.validate_authorization_request`. When the `openid` scope is omitted from the authorization request, the scope check fires before client / redirect_uri validation, so the raw attacker-controlled `redirect_uri` is rendered as an HTTP 302 `Location` header. CVSS 6.1 (medium). Patched upstream in 1.7.1; this PR lands 1.7.2 (current patch in the 1.7.x line).

Cortex exposure

`OpenIDImplicitGrant` or `OpenIDHybridGrant`? `uv.lock`? `fastmcp`.

The bump is hygiene + closes the dependabot alert + protects downstream applications that vendor Cortex's lockfile from inheriting the vulnerable resolution.
Diff scope
`uv.lock` only — 8 lines (4 added, 4 removed). No application source changes.

- `authlib 1.7.0 → 1.7.2` (the security fix)
- `neuro-cortex-memory 3.15.3 → 3.15.4` (cosmetic — `uv lock` re-resolved this package against the v3.15.4 `pyproject.toml` that already landed in release: v3.15.4 — ADR-2244 wiki classification redesign #29)
- No cascading transitive bumps (`cryptography`, `joserfc` unchanged).

References
🤖 Generated with Claude Code
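The check-ordering bug the Summary describes, as a simplified added model that is not authlib's code (the client registry and request parameters are constructed): the vulnerable validator builds its scope-error redirect from the still-unvalidated `redirect_uri`, while the fixed ordering validates client and `redirect_uri` first, so an error response can only redirect to a URI registered for that client.

```python
from typing import Optional

# Constructed client registry for this example (hypothetical data).
REGISTERED_REDIRECT_URIS = {
    "app-1": {"https://app.example/cb"},
}


class AuthorizationError(Exception):
    """OAuth error. redirect_uri is where a 302 Location would point; None means
    the server must answer with a plain error page and not redirect at all."""

    def __init__(self, error: str, redirect_uri: Optional[str] = None):
        super().__init__(error)
        self.error = error
        self.redirect_uri = redirect_uri


def check_client_and_redirect_uri(params: dict) -> str:
    """Reject unknown clients and any redirect_uri not registered for the client.
    Errors raised here carry no redirect_uri: there is no trusted place to send to."""
    allowed = REGISTERED_REDIRECT_URIS.get(params.get("client_id"))
    if allowed is None:
        raise AuthorizationError("invalid_client")
    uri = params.get("redirect_uri")
    if uri not in allowed:
        raise AuthorizationError("invalid_request")
    return uri


def validate_vulnerable(params: dict) -> str:
    # Bug pattern from the advisory: the scope check runs first and its error
    # redirect is built from the raw, unvalidated redirect_uri.
    if "openid" not in params.get("scope", "").split():
        raise AuthorizationError("invalid_scope", params.get("redirect_uri"))
    return check_client_and_redirect_uri(params)


def validate_fixed(params: dict) -> str:
    # Validate client and redirect_uri first; any later error may only redirect
    # to the registered URI returned by that check.
    uri = check_client_and_redirect_uri(params)
    if "openid" not in params.get("scope", "").split():
        raise AuthorizationError("invalid_scope", uri)
    return uri


def location_header(validator, params: dict) -> Optional[str]:
    """Location an error response would carry; None means no error redirect."""
    try:
        validator(params)
        return None  # request valid: the normal authorization flow continues
    except AuthorizationError as err:
        return err.redirect_uri
```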