Replies: 1 comment 1 reply
-
See #5966. :) I would typically just ship a quick patch release, but our build infrastructure has some changes that would require non-trivial backports. mitmproxy 10 isn't far out though. :) |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi!
First of all many thanks for creating and maintaining this awesome piece of software.
I wanted to ask whether it would be possible to release a new version of
mitmproxy
?The current latest release (9.0.1) pins the
cryptography
dependency to version 38.0. There is a dependabot security alert for that version: CVE-2023-0286 Vulnerable OpenSSL included in cryptography wheelsI saw that
cryptography
is already updated to a newer version on yourmain
branch to version that's not vulnerable anymore.Is there currently a plan to prepare a new release? That would allow us to upgrade to a non-vulnerable version of
cryptography
.Thanks a lot!
Marius
Beta Was this translation helpful? Give feedback.
All reactions