mirror of
git://git.yoctoproject.org/layerindex-web.git
synced 2025-07-19 20:59:01 +02:00
requirements.txt: bump Django version to fix CVE-2019-19844
Fixes a vulnerability in the password reset process due to insufficiently stringent validation of unicode email addresses. https://www.djangoproject.com/weblog/2019/dec/18/security-releases/ https://nvd.nist.gov/vuln/detail/CVE-2019-19844 (The existing version specification would have selected the fixed version of Django already for new installs, but bumping the minimum ensures that it will be installed for upgrades with ./dockersetup.py -u as well.) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
This commit is contained in:
parent
29dd3afa66
commit
8e3cbb7038
|
@ -3,7 +3,7 @@ beautifulsoup4==4.8.1
|
|||
billiard==3.6.1.0
|
||||
celery==4.3.0
|
||||
confusable-homoglyphs==3.2.0
|
||||
Django>=1.11.24,<1.12
|
||||
Django>=1.11.27,<1.12
|
||||
django-appconf==1.0.3
|
||||
django-axes==4.5.4
|
||||
django-bootstrap-pagination==1.7.1
|
||||
|
|
Loading…
Reference in New Issue
Block a user