Closed helix-loop closed 5 months ago
This code is not actually used. We don't use Django directly anymore, we just use the Django ORM. We use FastAPI for the server stuff. Please reopen if I misunderstood it, but etesync is not affected based on my understanding.
As etebase-server is using Django, I was looking at the version of Django used in etebase-server because of CVE-2024-24680. As referenced in requirements.txt this is 3.2.16, which has at least one vulnerability according to https://docs.djangoproject.com/en/dev/releases/3.2.17/.
Would it be possible to bump Django to 3.2.24 (https://docs.djangoproject.com/en/dev/releases/3.2.24/) and publish a new release of etebase-server?