Minz/telemetry-backend
1
0
Fork 0
Code Issues Pull Requests 5 Actions Packages Projects Releases Wiki Activity

Update requests version because of CVE-2018-18074

Browse Source 
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
This commit is contained in:
Jan Groß
2018-11-06 13:21:54 +01:00
committed by GitHub
parent 0ea1565411
commit 5557185732
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
requirements.txt
View File

@@ -12,7 +12,7 @@ Jinja2==2.9.6
MarkupSafe==1.0 MarkupSafe==1.0
python-engineio==1.7.0 python-engineio==1.7.0
python-socketio==1.7.6 python-socketio==1.7.6
requests==2.18.1 requests>=2.20.0
six==1.10.0 six==1.10.0
urllib3==1.21.1 urllib3==1.21.1
Werkzeug==0.12.2 Werkzeug==0.12.2