Replies: 1 comment 1 reply
-
|
See #5966. :) I would typically just ship a quick patch release, but our build infrastructure has some changes that would require non-trivial backports. mitmproxy 10 isn't far out though. :) |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Ah damn, I did search in the issues but only in the open ones 🙈 I see, thank you for the quick answer! |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi!
First of all many thanks for creating and maintaining this awesome piece of software.
I wanted to ask whether it would be possible to release a new version of
mitmproxy?The current latest release (9.0.1) pins the
cryptographydependency to version 38.0. There is a dependabot security alert for that version: CVE-2023-0286 Vulnerable OpenSSL included in cryptography wheelsI saw that
cryptographyis already updated to a newer version on yourmainbranch to version that's not vulnerable anymore.Is there currently a plan to prepare a new release? That would allow us to upgrade to a non-vulnerable version of
cryptography.Thanks a lot!
Marius
Beta Was this translation helpful? Give feedback.
All reactions