The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/pylxd/pull/352
This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === This is due to a medium security alert: CVE-2018-18074. https://nvd.nist.gov/vuln/detail/CVE-2018-18074
From a3b551fe8a511e41329f99d4ed35376d11f72815 Mon Sep 17 00:00:00 2001 From: Alex Kavanagh <alex.kavan...@canonical.com> Date: Thu, 17 Jan 2019 14:29:57 +0000 Subject: [PATCH] Update requests to minimum version 2.20.0 This is due to a medium security alert: CVE-2018-18074. https://nvd.nist.gov/vuln/detail/CVE-2018-18074 --- requirements.txt | 2 +- setup.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index 1098cc90..bb3c981b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,7 +2,7 @@ pbr>=1.6 python-dateutil>=2.4.2 six>=1.9.0 ws4py!=0.3.5,>=0.3.4 # 0.3.5 is broken for websocket support -requests!=2.8.0,!=2.12.0,!=2.12.1,>=2.5.2 +requests>=2.20.0 requests-unixsocket>=0.1.5 requests-toolbelt>=0.8.0 cryptography!=1.3.0,>=1.0 diff --git a/setup.py b/setup.py index e770088b..ddfcb924 100644 --- a/setup.py +++ b/setup.py @@ -29,7 +29,7 @@ 'pbr>=1.8', ], install_requires=[ - 'requests!=2.8.0,>=2.5.2', + 'requests>=2.20.0', # >= 0.1.5 needed for HTTP_PROXY support 'requests-unixsocket>=0.1.5', ],
_______________________________________________ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel