Apache Allura™

Forge software for hosting software projects

Brought to you by: alexluberg, brondsem, deshani, dill0wn, and 10 others

#8394 upgrade pillow dependency

Milestone: v1.14.0

Status: closed

Owner: Dillon Walls

Labels: None

Component: General

Reviewer: Dave Brondsema

Updated: 2022-09-23

Created: 2021-07-22

Creator: Dillon Walls

Private: No

pillow <= 8.2.0 has a CRITICAL CVE

https://nvd.nist.gov/vuln/detail/CVE-2021-34552

Discussion

Dave Brondsema - 2021-07-22

Recent versions of pip-tools have different output comments. If you try a newer version you can probably avoid the churn.

Also make sure to avoid re-adding chardet (licensing complexities)

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dillon Walls - 2021-07-26

Good catch, I updated pip-tools and made sure chardet was omitted. branch dw/8394b

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2021-07-26

status: open --> closed

Reviewer: Dave Brondsema
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2022-09-23

Milestone: unreleased --> v1.14.0
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.