Open QiAnXinCodeSafe opened 1 year ago
@QiAnXinCodeSafe Thank you for posting this issue. We are currently looking into it. We will post here once the fix is in place.
We are not planning to upgrade sphinx
at this moment and we also believe that this vulnerability is unlikely to affect our customers. This appears to be a dev only dependency, so doesn't affect end users. For developers of the SDK, it only comes in to play if they generate docs, which they likely should not need to do since we handle doc generation / publishing, and that the input to the SDK docs is trusted, as it comes from Oracle developers, and any change goes through code review by at least one other Oracle developer, before merging.
https://github.com/oracle/oci-python-sdk/blob/108e7c55196d7fd56da71ec62c40ee4cf5b0ddb7/requirements.txt#L14
CVE-2020-11022 CVE-2020-11023
Recommended upgrade version:1.8.6