launchpad-reviewers team mailing list archive

Thread
Date

[Merge] ~pelpsi/rutabaga:gunicorn-upgrade-HTTP-request-smuggling-vulnerability into rutabaga:master

To: mp+440149@xxxxxxxxxxxxxxxxxx
From: Simone Pelosi <mp+440149@xxxxxxxxxxxxxxxxxx>
Date: Fri, 31 Mar 2023 13:54:17 -0000
Reply-to: mp+440149@xxxxxxxxxxxxxxxxxx
Sender: noreply@xxxxxxxxxxxxx

Simone Pelosi has proposed merging ~pelpsi/rutabaga:gunicorn-upgrade-HTTP-request-smuggling-vulnerability into rutabaga:master.

Commit message:
Upgraded gunicorn to fix HTTP request smuggling vulnerability

A penetration test found that our gunicorn version is vulnerable, version 20.1.0 should be safe.

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~pelpsi/rutabaga/+git/rutabaga/+merge/440149
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~pelpsi/rutabaga:gunicorn-upgrade-HTTP-request-smuggling-vulnerability into rutabaga:master.

diff --git a/README.rst b/README.rst
index a5118a3..e62049a 100644
--- a/README.rst
+++ b/README.rst
@@ -7,15 +7,21 @@ Development
 -----------
 
 Install::
-
+  python3 -m venv env
+  source env/bin/activate
+  pip install virtualenv
+  sudo apt install sqlite3
   pip install -r bootstrap-requirements.txt -r requirements.txt
   python3 ./setup.py develop
 
 Run::
 
   make migrate
-  make run
+  make run-api
+
+Run tests::
 
+  make check
 
 Squid3
 ------
diff --git a/requirements.txt b/requirements.txt
index ab02182..e5fc8ac 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -10,7 +10,7 @@ envdir==1.0.1
 extras==0.0.3
 fixtures==1.3.1
 flake8==2.5.0
-gunicorn==19.3.0
+gunicorn==20.1.0
 iso8601==0.1.10
 linecache2==1.0.0
 mccabe==0.3.1