
Allow higher versions of cryptography to prevent CVE-2023-50782

Open MartinRoth opened this issue 1 year ago • 3 comments

Expected Behavior

cryptography>=42.0.0 should be possible

Current Behavior

cryptography is pinned to < 42.0.0

MartinRoth, Feb 16 '24 11:02

Hi Martin, working on that - thanks a lot for raising the issue!

renardeinside, Feb 22 '24 14:02

Hi @renardeinside, what is the current status of the fix? The last release was almost one year ago and the security issue has now been open for 4 months. Thanks for an update! Best, Henry

henryhueske, Jun 21 '24 06:06

almost ready in #863

renardeinside, Jun 25 '24 09:06

Hi, is there anything we can do to help? It looks like the two checks are actually not executed ...

MartinRoth, Jul 01 '24 12:07

done, deployed with 0.8.19

renardeinside, Jul 02 '24 16:07