launchpad-reviewers team mailing list archive
-
launchpad-reviewers team
-
Mailing list archive
-
Message #29805
[Merge] ~pelpsi/launchpad:upgrade-gunicorn-to-fix-HTTP-request-smuggling-vulnerability into launchpad:master
Simone Pelosi has proposed merging ~pelpsi/launchpad:upgrade-gunicorn-to-fix-HTTP-request-smuggling-vulnerability into launchpad:master.
Commit message:
Upgraded gunicorn to fix HTTP request smuggling vulnerability
A penetration test found that our gunicorn version is vulnerable, version 20.1.0 should be safe.
Requested reviews:
Launchpad code reviewers (launchpad-reviewers)
For more details, see:
https://code.launchpad.net/~pelpsi/launchpad/+git/launchpad/+merge/439504
--
Your team Launchpad code reviewers is requested to review the proposed merge of ~pelpsi/launchpad:upgrade-gunicorn-to-fix-HTTP-request-smuggling-vulnerability into launchpad:master.
diff --git a/requirements/launchpad.txt b/requirements/launchpad.txt
index 0b7e852..e15a388 100644
--- a/requirements/launchpad.txt
+++ b/requirements/launchpad.txt
@@ -58,7 +58,7 @@ FormEncode==1.3.1
futures==3.3.0
geoip2==2.9.0
grokcore.component==3.1
-gunicorn==19.8.1
+gunicorn==20.1.0
httplib2==0.8
hyperlink==18.0.0
immutables==0.14