This repository has been archived by the owner on May 1, 2024. It is now read-only.

Investigate: PyYAML security vulnerability #160

Closed
robvdl opened this issue Jan 4, 2019 · 1 comment


robvdl commented Jan 4, 2019

It looks like we have to be on the beta version of PyYAML; got a GitHub security notification.

Too busy to look into it now; it isn't likely a big issue, as YAML files are generated by the developer anyway.

It looks like we should be on PyYAML >= 4.2b1, but we need to test if the code is compatible with this version. The released version 3.13 is supposed to be vulnerable, which is why we need to be on the beta (not great).

See: yaml/pyyaml#243


robvdl commented Feb 10, 2020

We can upgrade PyYAML now; I've tried a newer version and it seems to be working fine.

Running into "other" unrelated breakages, but they seem unrelated. We should be able to upgrade PyYAML no problem.

@robvdl robvdl closed this as completed Feb 10, 2020