freelawproject / doctor

A microservice for document conversion at scale
https://free.law/projects/doctor
BSD 2-Clause "Simplified" License
54 stars 14 forks

update django to pick up CVEs #188

Closed: trashhalo closed 4 months ago

trashhalo commented 4 months ago

CVE-2022-28346 as an example, but a handful were found in Google container scanning.

trashhalo commented 4 months ago

Here's the full list of Django vulnerabilities in doctor

[Image: Screenshot 2024-05-15 at 3 07 36 PM]

mlissner commented 4 months ago

Hm, lots of failing tests. I wonder if that's just because other things are broken. Perhaps #187 will fix that....

mlissner commented 4 months ago

I don't see fixes in #187 that'd help here, so I think these are things that genuinely get broken by the upgrade.

trashhalo commented 4 months ago

It looks like the server is returning 500s but I don't see the server logs in the test failures. Do you know how to see that?

mlissner commented 4 months ago

You know, I really can't imagine how this version bump of Django would cause so much wreckage. I'm going to just merge, and we'll get this fixed in another PR if needed. Thank you!