adamcharnock / django-hordak

Double entry accounting in Django
http://django-hordak.readthedocs.io
MIT License
254 stars 58 forks

Django-hordak depends on babel version with security warning #62

Closed PetrDlouhy closed 2 years ago

PetrDlouhy commented 2 years ago

Dependabot shows me this warning:

Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.

Babel version is fixed in django-hordak to 2.5.1, so I am unable to update to the newest version.
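Two defensive checks that follow from this report, as an added example for this thread (not code from Babel or django-hordak): an allow-list validator for locale identifiers so that a locale name can never be turned into a path outside the data directory, and a helper that flags a `babel==X.Y.Z` pin older than the 2.9.1 fix. `LOCALE_DATA_DIR` and the `.dat` naming are constructed for the example, not Babel's real layout.

```python
import os
import re

# Strict allow-list for locale identifiers such as "en", "en_US", "zh_Hant_TW".
# Hypothetical validator written for this example; Babel has its own logic.
_LOCALE_RE = re.compile(r"^[A-Za-z]{2,3}(_[A-Za-z0-9]{2,8})*$")

# Constructed sample directory for the example; not Babel's actual data path.
LOCALE_DATA_DIR = os.path.abspath("locale-data")


def is_valid_locale_identifier(identifier) -> bool:
    """True only for identifiers built from letters, digits and underscores."""
    return isinstance(identifier, str) and bool(_LOCALE_RE.match(identifier))


def resolve_locale_file(identifier: str, base_dir: str = LOCALE_DATA_DIR) -> str:
    """Map a validated identifier to '<base_dir>/<identifier>.dat'.

    Raises ValueError if the identifier fails the allow-list or if the
    resolved path would leave base_dir (defence in depth against traversal).
    """
    if not is_valid_locale_identifier(identifier):
        raise ValueError(f"rejected locale identifier: {identifier!r}")
    base = os.path.abspath(base_dir)
    candidate = os.path.abspath(os.path.join(base, identifier + ".dat"))
    # Containment check holds even if the regex above is loosened later.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"locale path escapes data directory: {candidate!r}")
    return candidate


def pin_is_below_fix(requirement: str, fixed=(2, 9, 1)) -> bool:
    """True if a 'babel==X.Y.Z' pin is older than the first fixed release.

    Assumes plain numeric dotted versions, which is what the pin in this
    issue (2.5.1) and the fixed release (2.9.1) use.
    """
    name, _, version = requirement.partition("==")
    if name.strip().lower() != "babel" or not version.strip():
        return False
    parts = tuple(int(p) for p in version.strip().split("."))
    return parts < fixed
```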

PetrDlouhy commented 2 years ago

Fixed in django-hordak 1.10.1