http-api: update vyos-http-api-tools for FastAPI security vulnerability
Closed, ResolvedPublicBUG
Actions

Assigned To

Authored By

	jestabro
	Apr 23 2023, 9:11 PM

Description

This is not critical for the vyos-http-api, as explained in
https://github.com/vyos/vyos-http-api-tools/security/dependabot/1
since we are explicitly parsing the form data from request.stream(), and never call request.form().

Nonetheless, to address future issues and possible uses of request.form(), we adopt the change in T5175 to allow updating packages here.

		Status	Subtype	Assigned	Task
		Resolved	BUG	jestabro	T5175 http-api: error in MultiPart parser for FastAPI version >= 0.91.0
		Resolved	BUG	jestabro	T5176 http-api: update vyos-http-api-tools for FastAPI security vulnerability

jestabro triaged this task as High priority.Apr 23 2023, 9:11 PM

jestabro created this task.

jestabro created this object in space S1 VyOS Public.

jestabro changed the task status from Open to Backport pending.Apr 24 2023, 2:02 PM

jestabro closed this task as Resolved.Apr 27 2023, 2:02 PM