launchpad-reviewers team mailing list archive

[Merge] ~pelpsi/lp-signing:gunicorn-upgrade-HTTP-request-smuggling-vulnerability into lp-signing:master

 

Simone Pelosi has proposed merging ~pelpsi/lp-signing:gunicorn-upgrade-HTTP-request-smuggling-vulnerability into lp-signing:master.

Commit message:
Upgraded gunicorn to fix HTTP request smuggling vulnerability

A penetration test found that our gunicorn version is vulnerable; version 20.1.0 should be safe.

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~pelpsi/lp-signing/+git/lp-signing/+merge/440154
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~pelpsi/lp-signing:gunicorn-upgrade-HTTP-request-smuggling-vulnerability into lp-signing:master.
diff --git a/requirements.txt b/requirements.txt
index 7b2a353..9a9fbbf 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,7 +6,7 @@ Click==7.0
 Flask==1.0.2
 Flask-Storm==1.0.0
 future==0.16.0
-gunicorn==19.9.0
+gunicorn==20.1.0
 idna==2.8
 iso8601==0.1.12
 itsdangerous==1.1.0
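
Review bot: The gunicorn pin on the changed line jumps a major version (19.9.0 to 20.1.0), but neither the hunk nor the commit message records which advisory or upstream fix the bump is meant to pick up, or why 20.1.0 is the chosen target. Please name the advisory or upstream changelog entry in the commit message so the minimum safe version can be verified later. Since the neighbouring pins (Flask==1.0.2, future==0.16.0 and the rest) are left untouched, also confirm that the service's gunicorn configuration and the test suite still pass against the 20.x series before this lands.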