author | Raildo Mascena <rmascena@localhost.localdomain> | 2020-08-19 14:05:31 -0300 |
---|---|---|
committer | Raildo Mascena <rmascena@redhat.com> | 2020-08-24 15:31:55 -0300 |
commit | c0d63cecd8c082fbde9843b3ebc2d465ad341d35 (patch) | |
tree | a86d8a08528cb3815092fa4f8b4c67121ed4ad5c | |
parent | 7d6c71ba26694c21110280e741b9ffe2d36a94ca (diff) | |
download | keystone-c0d63cecd8c082fbde9843b3ebc2d465ad341d35.tar.gz |
Bump pysaml2 requirement to avoid CVE-2020-5390
Although Keystone doesn't use the pysaml2 signature on [0],
it would be nice to bump the pysaml2 version to at least 5.0.0 [1] in
order to have the CVE fix included [2].
[0] https://opendev.org/openstack/keystone/src/branch/master/keystone/federation/idp.py#L440-L521
[1] https://github.com/IdentityPython/pysaml2/releases/tag/v5.0.0
[2] https://github.com/advisories/GHSA-qf7v-8hj3-4xw7
Change-Id: I1d3776f7f1feb6485feecb140703f23027ca3a6f
-rw-r--r-- | lower-constraints.txt | 2 |
-rw-r--r-- | requirements.txt | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/lower-constraints.txt b/lower-constraints.txt index fefc5535e..6f3bcec04 100644 --- a/lower-constraints.txt +++ b/lower-constraints.txt @@ -46,7 +46,7 @@ pycadf==1.1.0 pycodestyle==2.0.0 python-ldap===3.0.0 pymongo===3.0.2 -pysaml2==4.5.0 +pysaml2==5.0.0 PyJWT==1.6.1 PyMySQL==0.7.6 python-keystoneclient==3.8.0 diff --git a/requirements.txt b/requirements.txt index 9e0473078..7084bee9c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -28,7 +28,7 @@ oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0 oslo.upgradecheck>=0.1.0 # Apache-2.0 oslo.utils>=3.33.0 # Apache-2.0 oauthlib>=0.6.2 # BSD -pysaml2>=4.5.0 +pysaml2>=5.0.0 PyJWT>=1.6.1 # MIT dogpile.cache>=0.6.2 # BSD jsonschema>=3.2.0 # MIT |
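Review bot: in the lower-constraints.txt hunk the pin moves a full major version, from pysaml2==4.5.0 to pysaml2==5.0.0, and the diffstat shows no other pin changing in that file. Please confirm the lower-constraints job still resolves with the neighbouring minimums left as they are, and raise in this same change any pin that pysaml2 5.0.0 needs higher.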
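Review bot: in the requirements.txt hunk the new line pysaml2>=5.0.0 carries no trailing comment, while the lines around it do (# BSD, # MIT, # Apache-2.0). Suggest adding the license comment in the same style, plus a short note that the floor exists for CVE-2020-5390, so a later requirements cleanup does not lower it again.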