launchpad-reviewers team mailing list archive
-
launchpad-reviewers team
-
Mailing list archive
-
Message #29856
[Merge] ~pelpsi/turnip/+git/dependencies:gunicorn-upgrade-HTTP-request-smuggling-vulnerability into ~canonical-launchpad-branches/turnip/+git/dependencies:master
Simone Pelosi has proposed merging ~pelpsi/turnip/+git/dependencies:gunicorn-upgrade-HTTP-request-smuggling-vulnerability into ~canonical-launchpad-branches/turnip/+git/dependencies:master.
Commit message:
Upgraded gunicorn to fix HTTP request smuggling vulnerability
A penetration test found that our gunicorn version is vulnerable, version 20.1.0 should be safe.
Requested reviews:
Launchpad code reviewers (launchpad-reviewers)
For more details, see:
https://code.launchpad.net/~pelpsi/turnip/+git/dependencies/+merge/440163
--
Your team Launchpad code reviewers is requested to review the proposed merge of ~pelpsi/turnip/+git/dependencies:gunicorn-upgrade-HTTP-request-smuggling-vulnerability into ~canonical-launchpad-branches/turnip/+git/dependencies:master.
diff --git a/gunicorn-19.3.0.tar.gz b/gunicorn-19.3.0.tar.gz
deleted file mode 100644
index 1d38258..0000000
Binary files a/gunicorn-19.3.0.tar.gz and /dev/null differ
diff --git a/gunicorn-20.1.0.tar.gz b/gunicorn-20.1.0.tar.gz
new file mode 100644
index 0000000..b5da493
Binary files /dev/null and b/gunicorn-20.1.0.tar.gz differ