Pin pyopenssl to something recent #11800

Merged
merged 1 commit into from
Feb 12, 2025

valentijnscholten
Member

Fix #11799

For some reason pip was installing an old version of pyopenssl, something like 22.0.x. With pip freeze I couldn't find any constraints that pointed to the need for an old version. This PR pins pyopenssl to 25.0.0, which also fixes #11799.

@valentijnscholten valentijnscholten added this to the 2.43.1 milestone Feb 12, 2025

DryRun Security Summary

The PR adds pyopenssl 25.0.0 as a dependency for cryptographic and SSL/TLS functionality, but requires careful implementation and configuration to mitigate potential security risks.

PR adds pyopenssl==25.0.0 to requirements.txt for cryptographic operations and SSL/TLS connections. Security findings:

Potential security risks with pyopenssl include: 1) Cryptographic libraries can introduce security risks if not properly implemented, 2) Requires careful configuration to ensure secure defaults, 3) Potential vulnerabilities if not used correctly. Careful review of implementation is recommended.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Sensitive Files Analyzer 1 finding

@rossops rossops self-requested a review February 12, 2025 17:06
@rossops rossops merged commit eb4de95 into bugfix Feb 12, 2025
74 checks passed
valentijnscholten added a commit to valentijnscholten/django-DefectDojo that referenced this pull request Feb 12, 2025