Skip to content

[Security] Bump cryptography from 41.0.1 to 41.0.2

HIFIS Bot requested to merge dependabot-pip-cryptography-41.0.2 into main

Bumps cryptography from 41.0.1 to 41.0.2. This update includes a security fix.

Vulnerabilities fixed

cryptography mishandles SSH certificates The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.

Patched versions: 41.0.2 Affected versions: < 41.0.2

Changelog

Sourced from cryptography's changelog.

41.0.2 - 2023-07-10


* Fixed bugs in creating and parsing SSH certificates where critical options
  with values were handled incorrectly. Certificates are now created correctly
  and parsing accepts correct values as well as the previously generated
  invalid forms with a warning. In the next release, support for parsing these
  invalid forms will be removed.
.. _v41-0-1:
Commits

Merge request reports

Loading