Merge ~pelpsi/lp-signing/+git/dependencies:gunicorn-upgrade-HTTP-request-smuggling-vulnerability into ~launchpad/lp-signing/+git/dependencies:master
Proposed by Simone Pelosi
Status: | Merged |
---|---|
Approved by: | Simone Pelosi |
Approved revision: | 7a8457f95cc9625779578cb7c423109e3838c3e4 |
Merge reported by: | Otto Co-Pilot |
Merged at revision: | not available |
Proposed branch: | ~pelpsi/lp-signing/+git/dependencies:gunicorn-upgrade-HTTP-request-smuggling-vulnerability |
Merge into: | ~launchpad/lp-signing/+git/dependencies:master |
Diff against target: | 4 lines (+0/-0) 0 files modified |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Guruprasad | Approve | ||
Colin Watson (community) | Approve | ||
Review via email: mp+440165@code.launchpad.net |
This proposal supersedes a proposal from 2023-03-31.
Commit message
Upgraded gunicorn to fix HTTP request smuggling vulnerability
A penetration test found that our gunicorn version is vulnerable; version 20.1.0 should be safe.
The added gunicorn 20.1.0 tarball looks okay to me, but the previous version of gunicorn is present in wheel form. We have to check with Colin if it is required to do the same for the newer version as well.