update dnspython required versions to allow latest 2.6.1 #94
Conversation
|
Hi, thank you for submitting this pull request. In order to consider your code we need you to sign the Oracle Contribution Agreement (OCA). Please review the details and follow the instructions at https://oca.opensource.oracle.com/ |
working on it. |
|
We submitted it. It is now "Under Review" |
|
@oscpache would you be able to take a look at this PR? |
|
Hello @mjperrone, Thanks for bringing this to our attention. We have considered CVE-2023-29483 and we're expecting to make the version upgrade moving forward. Certainly, we'll use a version range where the vulnerability has been mitigated. |
Great news Oscar. I don't particularly care if you use this PR or create a new one. Thanks for the update. |
|
Hi, thank you for your contribution. Please confirm this code is submitted under the terms of the OCA (Oracle's Contribution Agreement) you have previously signed by cutting and pasting the following text as a comment: |
|
I confirm the code being submitted is offered under the terms of the OCA, and that I am authorized to contribute it. |
|
Hi, thank you for your contribution. Your code has been assigned to an internal queue. Please follow |
This was similarly done in the past by @nmariz in this commit.
I chose to use
<instead of<=to allow more patch versions to be picked up in the future. I think using< 3.0.0would probably be better to allow more minor versions to be picked up.The reason I am motivated to make this PR is because version 2.6.1 fixes CVE-2023-29483.