CyberPanel/requirements-secure.txt
master3395 4b96e5e2ae Security: Update Python packages to fix critical vulnerabilities
Fixed 5 critical security vulnerabilities in Python dependencies:

1. Tornado (6.4.1 -> >=6.4.2)
   - CVE-2024-52804: DoS via HTTP cookie parser
   - CVE-2025-47287: DoS via multipart/form-data parser

2. Requests (2.32.3 -> >=2.32.4)
   - CVE-2024-47081: URL parsing may leak .netrc credentials

3. Cryptography (43.0.0 -> >=43.0.1)
   - CVE-2024-12797: Vulnerable statically linked OpenSSL
   - PVE-2024-73711: Another OpenSSL vulnerability

4. PyJWT (unpinned -> >=2.10.1)
   - Multiple vulnerabilities in unpinned versions

5. psutil (unpinned -> >=7.2.0)
   - Security issues in older versions

Changes:
- Updated requirments.txt with secure minimum versions
- Added requirements-secure.txt for documentation

All packages updated to secure versions that address these CVEs.
2026-01-04 22:22:48 +01:00


# CyberPanel Secure Package Versions
# Generated: $(date +'%Y-%m-%d %H:%M:%S')
# Purpose: Set secure minimum versions (>= lower bounds, not exact pins) to prevent future vulnerabilities
# Critical Security Updates (Post-Vulnerability Fix)
tornado>=6.4.2
requests>=2.32.4
cryptography>=43.0.1
# Additional Security Packages
PyJWT>=2.10.1
psutil>=7.2.0
# Note: These minimum versions address:
# - CVE-2024-52804, CVE-2025-47287 (Tornado)
# - CVE-2024-47081 (Requests)
# - CVE-2024-12797, PVE-2024-73711 (Cryptography)
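
Because the file above sets `>=` floors rather than exact pins, it says nothing about what an existing environment actually has installed. The following check is an added example, not part of the CyberPanel repository: it compares `pip freeze` output against those floors. The function names and the sample freeze text are assumptions made for illustration, and pre-release or local version suffixes are ignored in the comparison.

```python
import re

# Floors copied from requirements-secure.txt on this page.
FLOORS = """\
tornado>=6.4.2
requests>=2.32.4
cryptography>=43.0.1
PyJWT>=2.10.1
psutil>=7.2.0
"""
# Constructed `pip freeze` output (sample data, not from the page).
SAMPLE_FREEZE = """\
tornado==6.4.1
requests==2.32.4
cryptography==43.0.0
pyjwt==2.10.1
"""

def normalize(name):
    """PEP 503 name normalization, so PyJWT and pyjwt compare equal."""
    return re.sub(r"[-_.]+", "-", name.strip()).lower()

def release(version):
    """Numeric release segment as a zero-padded tuple (so 7.2 == 7.2.0)."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    nums = [int(p) for p in m.group().split(".")]
    return tuple(nums + [0] * (4 - len(nums)))

def parse(text, op):
    """Map normalized name -> version for lines of the form name<op>version."""
    pairs = (l.split("#", 1)[0].split(op, 1) for l in text.splitlines())
    return {normalize(p[0]): p[1].strip() for p in pairs if len(p) == 2}

def audit(freeze_text, floors_text=FLOORS):
    """Return {package: problem} for every floor the environment misses."""
    installed = parse(freeze_text, "==")
    problems = {}
    for name, floor in parse(floors_text, ">=").items():
        have = installed.get(name)
        if have is None:
            problems[name] = "not installed"
        elif release(have) < release(floor):
            problems[name] = f"{have} < {floor}"
    return problems

if __name__ == "__main__":
    print(audit(SAMPLE_FREEZE))
```

An empty result means every listed floor is met. Feed it the real output of `pip freeze` from the environment that runs the application.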