New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update paramiko to v2.4.2+ #3861

emkll opened this Issue Oct 10, 2018 · 1 comment


None yet
3 participants
Copy link

emkll commented Oct 10, 2018


We currently use paramiko v2.4.1, for which a CVE was issued (

The vulnerability is on the server-side of the paramiko code, which means that it shouldn't be directly exploitable, as we only use it as a client, but safety will soon alert us of the vulnerable package.

User Stories

As an admin, I would like to use have no associated CVEs with the libraries used.

@redshiftzero redshiftzero added this to the 0.10.0 milestone Oct 10, 2018


This comment has been minimized.

Copy link

redshiftzero commented Oct 10, 2018

Hey @heartsucker: we need this fix in for 0.10.0 - interested in investigating based on @emkll's report and filing a PR to update? (PR should be against develop at first and then we'll backport into the release branch)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment