This repository has been archived by the owner on Nov 13, 2024. It is now read-only.

[Vulnerability] Reporting a security vulnerability due to Gunicorn version being used #350

Open
2 tasks done
srhrshr opened this issue Oct 21, 2024 · 0 comments
Labels
bug Something isn't working

Comments


srhrshr commented Oct 21, 2024

Is this a new bug?

  • I believe this is a new bug
  • I have searched the existing issues, and I could not find an existing issue for this bug

Current Behavior

Hello!

The latest version of canopy 0.9.0 depends upon the package gunicorn==21.2.0 that is reported to be vulnerable. We would like this to be patched at the earliest for our security and compliance requirements.

Looks like the last package release was in March 2024, so we'd like to see if it's on your roadmap for the next release, or do you think it's better to submit a PR for this ourselves?

Expected Behavior

The fix is to upgrade the gunicorn version to at least 22.0.0.

Steps To Reproduce

N/A

Relevant log output

No response

Environment

N/A

Additional Context

No response

@srhrshr srhrshr added the bug Something isn't working label Oct 21, 2024
@miararoy miararoy mentioned this issue Nov 3, 2024
7 tasks