You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thanks for reporting this. We have been trying to upgrade this dependency, but unfortunately the ecosystem of many of our users is a bit delayed (very old distros, etc), so it had been a challenge to do it without breaking. As the URLs is Conan are quite controlled (Artifactory servers, recipes defined urls), doesn't seem a very problematic vuln.
But certainly, we should probably keep pushing for this, lets try to do it next 1.40.
Conan 1.39.0 requires urllib3
>=1.25.8,<1.26
. However versions of urllib3 before 1.26.5 are vulnerable to CVE-2021-33503.Regardless of whether conan itself is affected by this issue the presence of urllib3 at this version is likely to cause problems in security scanning.
The text was updated successfully, but these errors were encountered: