Simone Pelosi has proposed merging ~pelpsi/turnip:gunicorn-upgrade-HTTP-request-smuggling-vulnerability into turnip:master.
Commit message: Upgraded gunicorn to fix HTTP request smuggling vulnerability A penetration test found that our gunicorn version is vulnerable, version 20.1.0 should be safe. Requested reviews: Launchpad code reviewers (launchpad-reviewers) For more details, see: https://code.launchpad.net/~pelpsi/turnip/+git/turnip/+merge/440158 -- Your team Launchpad code reviewers is requested to review the proposed merge of ~pelpsi/turnip:gunicorn-upgrade-HTTP-request-smuggling-vulnerability into turnip:master.
diff --git a/requirements.txt b/requirements.txt index 8d5734d..c9bc202 100644 --- a/requirements.txt +++ b/requirements.txt @@ -22,7 +22,7 @@ future==0.18.2 gevent==20.6.2 gmpy==1.17 greenlet==0.4.16 -gunicorn==19.3.0 +gunicorn==20.1.0 hyperlink==19.0.0 idna==2.9 importlib_metadata==1.7.0
_______________________________________________ Mailing list: https://launchpad.net/~launchpad-reviewers Post to : launchpad-reviewers@lists.launchpad.net Unsubscribe : https://launchpad.net/~launchpad-reviewers More help : https://help.launchpad.net/ListHelp