Page MenuHomeVyOS Platform

http-api: update vyos-http-api-tools for FastAPI security vulnerability
Closed, ResolvedPublicBUG

Description

This is not critical for the vyos-http-api, as explained in
https://github.com/vyos/vyos-http-api-tools/security/dependabot/1
since we are explicitly parsing the form data from request.stream(), and never call request.form().

Nonetheless, to address future issues and possible uses of request.form(), we adopt the change in T5175 to allow updating packages here.

Details

Version
vyos-1.4
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)