Skip to content

Security: Fix CVE-2026-45409 (idna) and GHSA-537c-gmf6-5ccf (cryptogr…#902

Merged
mayankmendix merged 1 commit into
developfrom
fix/4202-4203
Jul 3, 2026
Merged

Security: Fix CVE-2026-45409 (idna) and GHSA-537c-gmf6-5ccf (cryptogr…#902
mayankmendix merged 1 commit into
developfrom
fix/4202-4203

Conversation

@bhavinshah-mendix

Copy link
Copy Markdown
Collaborator

…aphy)

Upgrades dependencies to address high-severity vulnerabilities:
- cryptography 47.0.0 → 48.0.1: Fixes vulnerable OpenSSL in wheels
- idna 3.10 → 3.15: Fixes DoS vulnerability in IDNA encoding

CVE-2026-45409: idna versions prior to 3.15 were vulnerable to DoS
attacks via specially crafted inputs to idna.encode() function.

GHSA-537c-gmf6-5ccf: cryptography wheels prior to 48.0.1 included
a statically linked copy of OpenSSL with security vulnerabilities.
@mayankmendix mayankmendix merged commit e316ef6 into develop Jul 3, 2026
26 checks passed
@mayankmendix mayankmendix deleted the fix/4202-4203 branch July 3, 2026 08:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants