Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed CVE - issue 86 mentioned in opensearch-dsl-py repo #295

Merged
merged 1 commit into from
Feb 16, 2023
Merged

Fixed CVE - issue 86 mentioned in opensearch-dsl-py repo #295

merged 1 commit into from
Feb 16, 2023

Conversation

saimedhi
Copy link
Collaborator

@saimedhi saimedhi commented Feb 16, 2023
edited by harshavamsi
Loading

Description

Fixed CVE - issue 86 mentioned in opensearch-dsl-py repo

Closes opensearch-project/opensearch-dsl-py#86

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@saimedhi saimedhi marked this pull request as draft February 16, 2023 20:48
@saimedhi
Fixed CVE - issue 86 mentioned in opensearch-dsl-py repo
6259825 
Signed-off-by: saimedhi <saimedhi@amazon.com>
@saimedhi saimedhi changed the title Fixed CVE #86 mentioned in opensearch-dsl-py repo Fixed CVE - issue 86 mentioned in opensearch-dsl-py repo Feb 16, 2023
@saimedhi
Copy link
Collaborator Author

saimedhi commented Feb 16, 2023
edited
Loading

To solve the following cve, "certifi" library installed in setup.py file must be >=2022.12.07 for which python version must be >=3.6.

@saimedhi saimedhi marked this pull request as ready for review February 16, 2023 21:10
@harshavamsi harshavamsi merged commit b26e2f3 into opensearch-project:main Feb 16, 2023
@VachaShah
Copy link
Collaborator

This fix would also need to go in the dsl-py repo.

@saimedhi
Copy link
Collaborator Author

saimedhi commented Feb 16, 2023
edited
Loading

This fix would also need to go in the dsl-py repo.

In dsl-py repo, certify is coming from opensearch-py. There is no separate installation of certify over there, as of my knowledge.

@VachaShah
Copy link
Collaborator

This fix would also need to go in the dsl-py repo.

In dsl-py repo, certify is coming from opensearch-py. There is no separate installation of certify over there, as of my knowledge.

Got it, thanks for clarifying. So the issue opensearch-project/opensearch-dsl-py#86 would only resolve when there is a new version of the opensearch-py client with this fix and that new version is used in opensearch-dsl-py.

harshavamsi added a commit that referenced this pull request Mar 1, 2023
@harshavamsi @dblock
@saimedhi @VachaShah
Update 2.x to be inline with main (#308)
e773f37 
* Created untriaged issue workflow. (#290)

Signed-off-by: dblock <dblock@amazon.com>

* Removed 'out/opensearchpy' folder which was produced while generating pyi files for plugins (#288)

Signed-off-by: saimedhi <saimedhi@amazon.com>

* Merging opensearch-dsl-py to opensearch-py (#287)

Signed-off-by: saimedhi <saimedhi@amazon.com>

* Fixed CVE - issue 86 mentioned in opensearch-dsl-py repo (#295)

Signed-off-by: saimedhi <saimedhi@amazon.com>

* Removing low-level and high-level client terminology (#298)

Signed-off-by: Vacha Shah <vachshah@amazon.com>

* Added upgrading.md file and updated it for opensearch-py 2.2.0 release (#293)

Signed-off-by: saimedhi <saimedhi@amazon.com>

---------

Signed-off-by: dblock <dblock@amazon.com>
Signed-off-by: saimedhi <saimedhi@amazon.com>
Signed-off-by: Vacha Shah <vachshah@amazon.com>
Co-authored-by: Daniel (dB.) Doubrovkine <dblock@amazon.com>
Co-authored-by: Sai Medhini Reddy Maryada <117196660+saimedhi@users.noreply.github.com>
Co-authored-by: Vacha Shah <vachshah@amazon.com>
@VachaShah VachaShah mentioned this pull request Mar 2, 2023
Closed
@saimedhi saimedhi deleted the fix/dsl-cve-#86 branch April 4, 2023 17:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@harshavamsi harshavamsi harshavamsi approved these changes

@VachaShah VachaShah Awaiting requested review from VachaShah VachaShah is a code owner

@dblock dblock Awaiting requested review from dblock dblock is a code owner

@axeoman axeoman Awaiting requested review from axeoman axeoman is a code owner

@deztructor deztructor Awaiting requested review from deztructor

@Shephalimittal Shephalimittal Awaiting requested review from Shephalimittal Shephalimittal is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

certifi-2022.6.15-py3-none-any.whl: 1 vulnerabilities (highest severity is: 6.8)
3 participants
@saimedhi @VachaShah @harshavamsi