Chore(deps): [security] bump cryptography from 43.0.0 to 43.0.1 (!180) · Merge requests · HIFIS Software Deployment / CheckMK-Role

HIFIS Bot requested to merge dependabot-pip-cryptography-43.0.1 into main Sep 04, 2024

Bumps cryptography from 43.0.0 to 43.0.1. This update includes a security fix.

Vulnerabilities fixed

pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels
pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 37.0.0-43.0.0 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://openssl-library.org/news/secadv/20240903.txt.

If you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.

Patched versions: 43.0.1
Affected versions: >= 37.0.0, < 43.0.1

Changelog

Sourced from cryptography's changelog.

43.0.1 - 2024-09-03


* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.2.
.. _v43-0-0:

Commits

a773387 bump for 43.0.1 (#11533)
0393fef Backport setuptools version ban (#11526)
6687bab Bump openssl from 0.10.65 to 0.10.66 in /src/rust (#11320) (#11324)
See full diff in compare view

Chore(deps): [security] bump cryptography from 43.0.0 to 43.0.1

Merge request reports