master3395
|
4b96e5e2ae
|
Security: Update Python packages to fix critical vulnerabilities

Fixed 5 critical security vulnerabilities in Python dependencies:

1. Tornado (6.4.1 -> >=6.4.2)
   - CVE-2024-52804: DoS via HTTP cookie parser
   - CVE-2025-47287: DoS via multipart/form-data parser
2. Requests (2.32.3 -> >=2.32.4)
   - CVE-2024-47081: URL parsing may leak .netrc credentials
3. Cryptography (43.0.0 -> >=43.0.1)
   - CVE-2024-12797: Vulnerable statically linked OpenSSL
   - PVE-2024-73711: Another OpenSSL vulnerability
4. PyJWT (unpinned -> >=2.10.1)
   - Multiple vulnerabilities in unpinned versions
5. psutil (unpinned -> >=7.2.0)
   - Security issues in older versions

Changes:
- Updated requirments.txt with secure minimum versions
- Added requirements-secure.txt for documentation

All packages updated to secure versions that address these CVEs.
|
2026-01-04 22:22:48 +01:00 |
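
An added example (not part of the commit or the project's code): a small Python check that a requirements file actually enforces the minimum versions named in the commit message above. The function names and the two sample file contents are constructed for illustration, with the "before" pins taken from the versions the message lists; only plain numeric versions and the `==`, `>=` and `~=` operators are handled.

```python
import re

# Minimum versions exactly as stated in the commit message above.
FLOORS = {"tornado": "6.4.2", "requests": "2.32.4", "cryptography": "43.0.1",
          "pyjwt": "2.10.1", "psutil": "7.2.0"}

# Package name, optional [extras], then the specifier up to a marker or comment.
LINE_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?([^;#]*)")
# Clauses that set a lower bound. '<', '!=' and '>' clauses are ignored, so the
# check is conservative: it may flag a file that a full resolver would accept.
CLAUSE_RE = re.compile(r"^\s*(==|>=|~=)\s*([0-9]+(?:\.[0-9]+)*)\s*$")

def vkey(version):
    """'6.4.2' -> (6, 4, 2, 0), padded so '7.2' and '7.2.0' compare equal."""
    parts = [int(p) for p in version.split(".")]
    return tuple((parts + [0, 0, 0, 0])[:4])

def audit(requirements_text):
    """Return {package: problem} for every floor the file fails to enforce."""
    seen = {}
    for raw in requirements_text.splitlines():
        m = LINE_RE.match(raw)  # comments, blank lines and '-r' lines do not match
        if m:
            name = re.sub(r"[-_.]+", "-", m.group(1)).lower()
            seen[name] = m.group(2).strip()
    problems = {}
    for pkg, floor in FLOORS.items():
        spec = seen.get(pkg)
        if spec is None:
            problems[pkg] = "not listed"
        elif not spec:
            problems[pkg] = "unpinned"
        else:
            bounds = [CLAUSE_RE.match(c) for c in spec.split(",")]
            if not any(b and vkey(b.group(2)) >= vkey(floor) for b in bounds):
                problems[pkg] = f"'{spec}' does not exclude versions below {floor}"
    return problems

# Constructed sample inputs: the state the message describes before and after.
BEFORE = "tornado==6.4.1\nrequests==2.32.3\ncryptography==43.0.0\nPyJWT\npsutil\n"
AFTER = ("# secure minimums\ntornado>=6.4.2,<7\nrequests>=2.32.4\n"
         "cryptography>=43.0.1\nPyJWT>=2.10.1\npsutil>=7.2.0\n")

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(text) or "all floors enforced")
```

A lower bound in the requirements file does not change what is already installed, so the same floors still need checking against the deployed environment.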