Request: Release 1.7.1 with security patch for CVE-2022-29217 #1532
All maintenance to the NixOps core currently happens on NixOps 2 (master / pre-release), because of the project's limited resources.

I understand. That sounds reasonable. May I also point out though, that this puts the project in an unfortunate position: Currently NixOps 1 is no longer usable because it is unmaintained and probably affected by security issues. And NixOps 2 isn't usable yet because it is still under heavy development and has not been stabilized.

I'm quite interested in giving NixOps a try but currently the stable version (1.7.0) is affected by CVE-2022-29217 (via the `pyjwt` dependency) and is not installable by default on NixOS.

Would it be possible to release a patched version of 1.7.0 with this dependency upgraded to a version without the vulnerability (requires an upgrade of `pyjwt`: 1.7.1 -> 2.4.0)?