Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

There is a vulnerability in Sphinx:1.8.3,upgrade recommended #503

Open
QiAnXinCodeSafe opened this issue Dec 27, 2022 · 2 comments
Open

There is a vulnerability in Sphinx:1.8.3,upgrade recommended #503

QiAnXinCodeSafe opened this issue Dec 27, 2022 · 2 comments
Labels
SDK Issue pertains to the SDK itself and not specific to any service

Comments

@QiAnXinCodeSafe
Copy link

oci-python-sdk/requirements.txt

Line 14 in 108e7c5

sphinx==1.8.3

CVE-2020-11022 CVE-2020-11023

Recommended upgrade version:1.8.6
@KartikShrikantHegde KartikShrikantHegde added the SDK Issue pertains to the SDK itself and not specific to any service label Jan 3, 2023
@Swarn10
Copy link

Swarn10 commented Jan 5, 2023

@QiAnXinCodeSafe Thank you for posting this issue. We are currently looking into it. We will post here once the fix is in place.

@Swarn10
Copy link

Swarn10 commented Jan 23, 2023

We are not planning to upgrade sphinx at this moment and we also believe that this vulnerability is unlikely to affect our customers. This appears to be a dev only dependency, so doesn't affect end users. For developers of the SDK, it only comes in to play if they generate docs, which they likely should not need to do since we handle doc generation / publishing, and that the input to the SDK docs is trusted, as it comes from Oracle developers, and any change goes through code review by at least one other Oracle developer, before merging.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
SDK Issue pertains to the SDK itself and not specific to any service
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@KartikShrikantHegde @QiAnXinCodeSafe @Swarn10