[FOLIO-3884] certifi 2023.7.22, requests 2.31.0 fixing CVE-2023-37920, CVE-2023-32681

Created: 31/Aug/23
Updated: 06/Sep/23
Resolved: 06/Sep/23

Status: Closed
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Bug
Priority: TBD
Reporter: Julian Ladisch
Assignee: Julian Ladisch
Resolution: Done
Votes: 0
Labels: security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Sprint:
Development Team: FOLIO DevOps
RCA Group: Related dependency upgrade

 Description   

Upgrade the Python dependencies in these folio-tools files:

https://github.com/folio-org/folio-tools/blob/master/kubernetes-utilities/ci-cleanup/module-cleanup/requirements.txt
https://github.com/folio-org/folio-tools/blob/master/kubernetes-utilities/md2kubeyaml/requirements.txt
https://github.com/folio-org/folio-tools/blob/master/vufind-indexer/requirements.txt

Upgrade certifi from 2019.9.11 to 2023.7.22, which fixes Improper Following of a Certificate's Chain of Trust regarding the "e-Tugra" root certificates: https://nvd.nist.gov/vuln/detail/CVE-2023-37920

Upgrade requests from 2.22.0 to 2.31.0, which fixes an Information Exposure: https://nvd.nist.gov/vuln/detail/CVE-2023-32681
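
As an added example (not part of this ticket or of the folio-tools code), the following check can be run over the contents of each listed requirements.txt to confirm that no entry still allows a certifi or requests version below the fixed ones. The function names and the sample file contents are constructed, and treating an entry without a lower version bound as a finding is an assumption of this sketch.

```python
import re

# Minimum fixed versions named in the ticket.
FIXED = {
    "certifi": ("2023.7.22", "CVE-2023-37920"),
    "requests": ("2.31.0", "CVE-2023-32681"),
}

# Package name, optional extras, then an optional ==, >= or ~= specifier.
LINE_RE = re.compile(
    r"^([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*"
    r"(?:(==|>=|~=)\s*([0-9]+(?:\.[0-9]+)*))?"
)

def version_key(text, width=4):
    """Turn '2023.07.22' into (2023, 7, 22, 0) so versions compare numerically."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def audit_requirements(text):
    """Return (line_no, package, found, fixed, cve) for every risky entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        match = LINE_RE.match(line)
        if not match:
            continue                           # blank line
        name = match.group(1).lower()
        if name not in FIXED:
            continue                           # other packages, pip options
        fixed, cve = FIXED[name]
        found = match.group(3)
        # No lower bound means pip may resolve any version: flag it (assumption).
        if found is None or version_key(found) < version_key(fixed):
            findings.append((line_no, name, found or "unbounded", fixed, cve))
    return findings

# Constructed samples: the old pins from the ticket, then upgraded entries.
OLD = "certifi==2019.9.11\nrequests==2.22.0  # http client\nPyYAML==5.4\n"
NEW = "certifi==2023.7.22\nrequests>=2.31\n"

if __name__ == "__main__":
    for finding in audit_requirements(OLD):
        print("line %d: %s %s is below %s (%s)" % finding)
```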



 Comments   
Comment by Ann-Marie Breaux (Inactive) [ 06/Sep/23 ]

Hi Julian Ladisch, which dev team should this belong to? Could you assign? Thank you!
