Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SNOW-889543: Multiple vulnerabilities introduced through cryptography <41.0.2 #434

Closed
f0rtun3 opened this issue Aug 9, 2023 · 1 comment
Closed

SNOW-889543: Multiple vulnerabilities introduced through cryptography <41.0.2 #434

f0rtun3 opened this issue Aug 9, 2023 · 1 comment
Labels
feature

Comments

@f0rtun3
Copy link

f0rtun3 commented Aug 9, 2023

What is the current behavior?

Security Vulnerability introduced through cryptography. Version constraint imposed on cryptography (cryptography >=3.1.0,<41.0.0 ) does not allow for upgrade.

What is the desired behavior?

A more secure cryptography version.

How would this improve snowflake-connector-python?

Upgrade cryptography transitive dependency constraint to >=41.0.2

References, Other Background

https://security.snyk.io/package/pip/cryptography
@f0rtun3 f0rtun3 added the feature label Aug 9, 2023
@github-actions github-actions bot changed the title Multiple vulnerabilities introduced through cryptography <41.0.2 SNOW-889543: Multiple vulnerabilities introduced through cryptography <41.0.2 Aug 9, 2023
@sfc-gh-sfan
Copy link
Collaborator

This is an issue more suited for https://github.com/snowflakedb/snowflake-connector-python, but in the latest release, we've bumped the upper bound to <42.0.0: https://github.com/snowflakedb/snowflake-connector-python/blob/main/setup.cfg#L47

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@f0rtun3 @sfc-gh-sfan @sfc-gh-achandrasekaran