GSA / datagov-ckan-multi


Resolve rsa dependency CVE-2020-25659 #551

Closed adborden closed 3 years ago

adborden commented 3 years ago

_Please keep any sensitive details in Google Drive._

Date of report: 8/20/2020
Severity: moderate
Due date: 11/20/2020

Due date is based on severity and described in RA-5: 15 days for Critical, 30 days for High, and 90 days for Moderate and lower.

* When a finding is identified, we create two issues. One to address the specific instance identified in the report. The other is to identify and address all other occurrences of this vulnerability within the application.

Brief description

https://github.com/GSA/catalog.data.gov/issues/157

adborden commented 3 years ago

If we can't upgrade due to CKAN 2.9, we need to triage this for an alternative resolution https://github.com/GSA/datagov-deploy/wiki/Dependency-scanning#triage-walkthrough

thejuliekramer commented 3 years ago

Updated cryptography and OpenSSL here, but the local build does not pass. Maybe we can find a way to work around this locally and then we can merge.

avdata99 commented 3 years ago

Alpine version changed in the base image. It's working on my computer.


I think the PR is ready to merge and move this issue to QA

thejuliekramer commented 3 years ago

Merged and moving to QA for @adborden to approve