Thanks to visit codestin.com
Credit goes to github.com

Skip to content

break(framework) Bump cryptography version and min Python version#4946

Merged
danieljanes merged 4 commits into
mainfrom
bump-crypto
Feb 20, 2025
Merged

break(framework) Bump cryptography version and min Python version#4946
danieljanes merged 4 commits into
mainfrom
bump-crypto

Conversation

@charlesbvll

@charlesbvll charlesbvll commented Feb 20, 2025

Copy link
Copy Markdown
Member

Issue

Description

pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://openssl-library.org/news/secadv/20250211.txt.

Note that we also had to put a lower bound on the Python version as pyca/cryptography doesn't support Python 3.9.0 and 3.9.1 (pyca/cryptography#12045, pyca/cryptography#12043)

Related issues/PRs

Proposal

Explanation

Checklist

  • Implement proposed change
  • Write tests
  • Update documentation
  • Make CI checks pass
  • Ping maintainers on Slack (channel #contributions)

Any other comments?

@danieljanes danieljanes changed the title fix(framework) Bump cryptography version break(framework) Bump cryptography version and min Python version Feb 20, 2025
@danieljanes danieljanes enabled auto-merge (squash) February 20, 2025 11:53
@danieljanes danieljanes merged commit 4d72795 into main Feb 20, 2025
@danieljanes danieljanes deleted the bump-crypto branch February 20, 2025 11:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants