mirror of
https://github.com/usmannasir/cyberpanel.git
synced 2026-01-30 19:29:03 +01:00
4b96e5e2ae
Fixed 5 critical security vulnerabilities in Python dependencies: 1. Tornado (6.4.1 -> >=6.4.2) - CVE-2024-52804: DoS via HTTP cookie parser - CVE-2025-47287: DoS via multipart/form-data parser 2. Requests (2.32.3 -> >=2.32.4) - CVE-2024-47081: URL parsing may leak .netrc credentials 3. Cryptography (43.0.0 -> >=43.0.1) - CVE-2024-12797: Vulnerable statically linked OpenSSL - PVE-2024-73711: Another OpenSSL vulnerability 4. PyJWT (unpinned -> >=2.10.1) - Multiple vulnerabilities in unpinned versions 5. psutil (unpinned -> >=7.2.0) - Security issues in older versions Changes: - Updated requirments.txt with secure minimum versions - Added requirements-secure.txt for documentation All packages updated to secure versions that address these CVEs.
41 lines
709 B
Plaintext
41 lines
709 B
Plaintext
bcrypt==4.2.0
|
|
beautifulsoup4==4.12.3
|
|
boto3==1.34.153
|
|
botocore==1.34.153
|
|
cloudflare==2.20.0
|
|
cryptography>=43.0.1
|
|
cffi
|
|
Django==4.2.14
|
|
docker==7.1.0
|
|
google-api-core==2.19.1
|
|
google-api-python-client==2.139.0
|
|
google-auth==2.32.0
|
|
google-auth-httplib2==0.2.0
|
|
google-auth-oauthlib==1.2.1
|
|
googleapis-common-protos==1.63.2
|
|
ipaddress==1.0.23
|
|
mysqlclient
|
|
oauthlib==3.2.2
|
|
paramiko==3.4.1
|
|
pexpect==4.9.0
|
|
psutil>=7.2.0
|
|
py3dns==4.0.2
|
|
pyOpenSSL==24.2.1
|
|
pyotp
|
|
PyYAML==6.0.1
|
|
requests>=2.32.4
|
|
s3transfer==0.10.2
|
|
sqlparse==0.5.1
|
|
tldextract==5.1.2
|
|
tornado>=6.4.2
|
|
validators==0.33.0
|
|
websocket-client==1.8.0
|
|
|
|
fastapi==0.115.12
|
|
uvicorn==0.34.2
|
|
asyncssh==2.21.0
|
|
python-jose==3.4.0
|
|
websockets==15.0.1
|
|
PyJWT>=2.10.1
|
|
python-dotenv==1.0.0
|