This ticket contains an incorrect report and a clickbait title [EDITED by @tasn] #123
Comments
If I'm this harsh to you, it's because I would like to use this service, but there are so many vulnerabilities I would be crazy to use it as it is now. Or you don't care about the project? Or maybe 25 security issues in your Django version alone aren't enough for you to understand that this project is abandoned or not updated correctly?
@BirdInFire, I respect that, and following your comments we'll probably update Django just for appearances, though it's important to state: we only use the Django ORM so we are NOT AFFECTED by most of these reports just based on that. Our API is powered by FastAPI. As for the rest, we closely monitor security advisories for all of our deps and make sure that we are not affected. Edit: I understand the confusion, it looks like the hosted server was up to date, but we neglected to update the OSS deps. Let me be clear though: the above still applies. We are not affected by any of those.
Updated Django to latest LTS. Though as I said, we were not affected by any of these.
@tasn could you release a new version tag? I want to try a way to automate the Docker image update.
Yes, gimme one sec.
Done.
Please do your security update and stop hiding yourself behind "it's work from decade blabla":
One proof that your app hasn't been secure for a long time, from one of the requirements of YOUR app:
I will just take the example of Django, because since you don't secure your app, don't try to bullshit me with your "it work like decade":
You use: django==3.1.4
So I went to look at their changelog to see all the security fixes you don't HAVE, which puts the USERS WHO PAY YOU at risk:
Django 3.1.6 fixes a security issue with severity “low” and a bug.
Django 3.1.7 fixes a security issue and a bug
Django 3.1.8 fixes a security issue with severity “low” and a bug
Django 3.1.9 fixes a security issue
Django 3.1.10 fixes a security issue
Django 3.1.12 fixes two security issues
Django 3.1.13 fixes a security issue with severity “high”
Django 3.1.14 fixes a security issue with severity “low”
Django 3.2.1 fixes a security issue and several bugs
Django 3.2.2 fixes a security issue and a bug
Django 3.2.4 fixes two security issues and several bugs
Django 3.2.5 fixes a security issue with severity “high” and several bugs
Django 3.2.10 fixes a security issue with severity “low” and a bug
Django 3.2.11 fixes one security issue with severity “medium” and two security issues with severity “low”
Django 3.2.12 fixes two security issues with severity “medium”
Django 4.0.1 fixes one security issue with severity “medium”, two security issues with severity “low”, and several bugs
Django 4.0.2 fixes two security issues with severity “medium” and several bugs
And since the main framework you use on the server isn't updated, and given the fact that iOS and the others aren't updated, 3 conclusions are possible.
In all 3 cases, this service is dead since it cannot provide the best security for its users.