pallets / flask

The Python micro framework for building web applications.
https://flask.palletsprojects.com
BSD 3-Clause "New" or "Revised" License
67.5k stars 16.14k forks

bumping Werkzeug version to 3.0.3 #5524

Closed gaburn closed 2 months ago

gaburn commented 2 months ago

Update Werkzeug to 3.0.3 to address vulnerability found in Werkzeug debugger. https://werkzeug.palletsprojects.com/en/3.0.x/changes/

Updating Werkzeug to version 3.0.3 addresses the debugger vulnerability.

fixes #5523

davidism commented 2 months ago

That's something you do in your application, this is a minimum supported version.

gaburn commented 2 months ago

> That's something you do in your application, this is a minimum supported version.

Thanks for taking a look. I understand this can be set by the application, but since there is a security vulnerability in Werkzeug, shouldn't the minimum version be updated so that the security fix is included by default?
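
Added example, not part of the thread or of Flask's code: one way an application can enforce the 3.0.3 floor itself, by scanning its own lock file for an exact Werkzeug pin older than the fixed release. The function names, the `SECURITY_FLOORS` table and the sample lock file are assumptions made for illustration; only exact `==` pins with plain numeric versions are handled.

```python
import re

# Floor taken from the thread: Werkzeug 3.0.3 carries the debugger fix.
SECURITY_FLOORS = {"werkzeug": (3, 0, 3)}

# name, optional [extras], then an exact "==" pin with a numeric version.
PIN_RE = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*==\s*([0-9]+(?:\.[0-9]+)*)"
)


def normalize(name):
    """PEP 503 name normalization, so 'Werkzeug' and 'werkzeug' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def release_tuple(version):
    """Numeric release as a tuple, padded so '3.0' compares as (3, 0, 0)."""
    parts = tuple(int(p) for p in version.split("."))
    return parts + (0,) * (3 - len(parts))


def pins_below_floor(lock_text, floors=SECURITY_FLOORS):
    """Return [(name, pinned_version, floor)] for exact pins older than their floor."""
    findings = []
    for line in lock_text.splitlines():
        line = line.split("#", 1)[0]  # drop trailing comments
        match = PIN_RE.match(line)
        if not match:
            continue  # blank line, --hash continuation, or a range specifier
        name, version = normalize(match.group(1)), match.group(2)
        floor = floors.get(name)
        if floor and release_tuple(version) < floor:
            findings.append((name, version, ".".join(map(str, floor))))
    return findings


# Constructed lock file: the Werkzeug pin satisfies a library's lower bound
# such as ">=3.0.0" (assumed value) yet is older than the fixed release.
SAMPLE_LOCK = """\
flask==3.0.3
Werkzeug==3.0.1 \\
    --hash=sha256:<placeholder>
jinja2==3.1.4  # unrelated pin
"""

if __name__ == "__main__":
    for name, pinned, floor in pins_below_floor(SAMPLE_LOCK):
        print(f"{name} pinned at {pinned}, below security floor {floor}")
```

Run against a real lock file in CI, a non-empty result can fail the build until the pin is raised.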