launchpad-reviewers team mailing list archive
-
launchpad-reviewers team
-
Mailing list archive
-
Message #29853
[Merge] ~pelpsi/turnip:gunicorn-upgrade-HTTP-request-smuggling-vulnerability into turnip:master
Simone Pelosi has proposed merging ~pelpsi/turnip:gunicorn-upgrade-HTTP-request-smuggling-vulnerability into turnip:master.
Commit message:
Upgraded gunicorn to fix HTTP request smuggling vulnerability
A penetration test found that our gunicorn version is vulnerable, version 20.1.0 should be safe.
Requested reviews:
Launchpad code reviewers (launchpad-reviewers)
For more details, see:
https://code.launchpad.net/~pelpsi/turnip/+git/turnip/+merge/440158
--
Your team Launchpad code reviewers is requested to review the proposed merge of ~pelpsi/turnip:gunicorn-upgrade-HTTP-request-smuggling-vulnerability into turnip:master.
diff --git a/requirements.txt b/requirements.txt
index 8d5734d..c9bc202 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -22,7 +22,7 @@ future==0.18.2
gevent==20.6.2
gmpy==1.17
greenlet==0.4.16
-gunicorn==19.3.0
+gunicorn==20.1.0
hyperlink==19.0.0
idna==2.9
importlib_metadata==1.7.0
Follow ups