Upgrade Pillow to 9.0.0 for Python versions >=3.7 to fix CVEs #1267

Closed
bryanculver opened this issue Jan 13, 2022 · 0 comments · Fixed by #1270
Labels
impact: high (High severity bugs causing system wide impact)
type: bug (Something isn't working as expected)

Comments

@bryanculver
Member

Pillow versions < 9.0.0 are vulnerable to:

These are classified as a high and moderate severity CVE and should be fixed ASAP for Nautobot v1.2.x.

Fix can be similar to the Celery issue: #1238

@bryanculver bryanculver assigned bryanculver and briddo and unassigned bryanculver Jan 13, 2022
@bryanculver bryanculver added group: security impact: high High severity bugs causing system wide impact type: bug Something isn't working as expected labels Jan 13, 2022
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 14, 2022