tableau / server-client-python

A Python library for the Tableau Server REST API
https://tableau.github.io/server-client-python/
MIT License

Urllib3 vulnerability #1335

Closed seanlogan-wh closed 7 months ago

seanlogan-wh commented 7 months ago

Describe the bug: The current version of urllib3 pinned in the latest version 0.28 is 2.0.6. This has a vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2023-45803. It is fixed in the subsequent version of 2.0.7.

Versions: v0.28

Results: urllib3 can be updated to 2.0.7 to resolve the CVE. I see the version is set on the master branch. Is that planned for a release soon to fix the issue?

Thanks

bcantoni commented 7 months ago

Confirmed that the upgrade to 2.0.7 is also in the development branch. This should be fixed when the next release, 0.29, comes out.