CASMCMS-8714/CASMCMS-8715: Fix CVEs in cfs-ara and cfs-operator #2588

Merged (2 commits) on Jul 20, 2023

@mharding-hpe commented Jul 20, 2023

Summary and Scope

CASMCMS-8714

Snyk reported that cfs-ara is vulnerable to this CVE:
https://security.snyk.io/vuln/SNYK-PYTHON-DJANGO-5750790

This updates cfs-ara to a version where the Django module is pinned to a version with this CVE fixed.

CASMCMS-8715

Snyk reported that cfs-operator is vulnerable to this CVE:
https://security.snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5777683

This updates cfs-operator to a version where the cryptography module is pinned to a version with this CVE fixed.

Issues and Related PRs

@mharding-hpe

/backport stable/1.5 release/1.6

@github-actions

Backporting into branch stable/1.5 was successful. New PR: #2590

@github-actions

Backporting into branch release/1.6 was successful. New PR: #2591

@mharding-hpe changed the title from "CASMCMS-8714: Fix ReDoS CVE in cfs-ara" to "CASMCMS-8714/CASMCMS-8715: Fix ReDoS CVE in cfs-ara, Improper Certificate Validation CVE in cfs-operator" on Jul 20, 2023

@mharding-hpe changed the title from "CASMCMS-8714/CASMCMS-8715: Fix ReDoS CVE in cfs-ara, Improper Certificate Validation CVE in cfs-operator" to "CASMCMS-8714/CASMCMS-8715: Fix CVEs in cfs-ara and cfs-operator" on Jul 20, 2023

@denniswalker merged commit c3df2a2 into release/1.5 on Jul 20, 2023

@denniswalker deleted the CASMCMS-8714-1.5 branch on July 20, 2023 19:53