Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Update Flask #4303

Open
1 task
nickumia-reisys opened this issue May 8, 2023 · 6 comments
Open
1 task

[Snyk] Update Flask #4303

nickumia-reisys opened this issue May 8, 2023 · 6 comments
Labels
bug Software defect or bug CKAN 2.11 Issues addressed by CKAN 2.11 compliance Relating to security compliance or documentation component/catalog Related to catalog component playbooks/roles

Comments

@nickumia-reisys
Copy link
Contributor

Please keep any sensitive details in Google Drive.

Date of report: 5/8/2023
Severity: High
Due date: 6/8/2023

Due date is based on severity and described in RA-5. 15-days for Critical, 30-days for High, and 90-days for Moderate and lower.

  • Analysis has been performed and an issue has been linked to address other occurrences for this class of vulnerability* (link)

* When a finding is identified, we create two issues. One to address the specific instance identified in the report. The other is to identify and address all other occurrences of this vulnerability within the application.

Brief description

Failing Snyk Scans:

Reference:
@nickumia-reisys nickumia-reisys added compliance Relating to security compliance or documentation bug Software defect or bug labels May 8, 2023
This was referenced May 8, 2023
Closed
Closed
Merged
Merged
@hkdctol
Copy link
Contributor

hkdctol commented May 11, 2023

Can't do until completing CKAN 2.10 most likely

@hkdctol hkdctol moved this to 📔 Product Backlog in data.gov team board May 11, 2023
@nickumia-reisys
Copy link
Contributor Author

Related to

@nickumia-reisys nickumia-reisys mentioned this issue Jul 3, 2023
Draft
@hkdctol hkdctol moved this from 📔 Product Backlog to 📡 Blocked in data.gov team board Jul 6, 2023
@btylerburton btylerburton self-assigned this Jul 6, 2023
@nickumia-reisys
Copy link
Contributor Author

Blocked by CKAN releasing compatibility changes to core code. See PR for details:

@nickumia-reisys nickumia-reisys mentioned this issue Jul 17, 2023
Draft
@btylerburton btylerburton removed their assignment Jul 21, 2023
This was referenced Jul 31, 2023
Closed
Closed
@nickumia-reisys nickumia-reisys mentioned this issue Oct 3, 2023
Closed
@nickumia-reisys
Copy link
Contributor Author

See comment

@btylerburton
Copy link
Contributor

Conversation with CKAN core team on release schedule. No new developments, but at least they are aware that we are awaiting these fixes.

ckan/ckan#6381

@Jin-Sun-tts Jin-Sun-tts mentioned this issue Dec 1, 2023
Merged
@FuhuXia
Copy link
Member

FuhuXia commented Sep 17, 2024

CKAN 2.11.0 fixes ths issue with Flask==3.0.3 in the requirements.txt.

@btylerburton btylerburton added CKAN 2.11 Issues addressed by CKAN 2.11 and removed CKAN 2.10 labels Sep 17, 2024
@btylerburton btylerburton added the component/catalog Related to catalog component playbooks/roles label Oct 10, 2024
This was referenced Dec 2, 2024
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Software defect or bug CKAN 2.11 Issues addressed by CKAN 2.11 compliance Relating to security compliance or documentation component/catalog Related to catalog component playbooks/roles
Projects
data.gov team board
Status: 📡 Blocked
Milestone
No milestone
Development

No branches or pull requests
5 participants
@FuhuXia @hkdctol @jbrown-xentity @nickumia-reisys @btylerburton