[Snyk: Medium] Allocation of Resources without limits (Due: 3/15/2020) #3467

Closed
jason-upchurch opened this issue Jan 15, 2020 · 3 comments
Labels
Security: moderate Remediate within 60 days
Comments

@jason-upchurch
Contributor

jason-upchurch commented Jan 15, 2020

Summary

Remediation: Pin [email protected] to [email protected] to fix
✗ Allocation of Resources Without Limits or Throttling [Medium Severity][https://snyk.io/vuln/SNYK-PYTHON-PILLOW-536096] in [email protected]
introduced by [email protected] > [email protected]

@jason-upchurch jason-upchurch added the Security: moderate Remediate within 60 days label Jan 15, 2020
@jason-upchurch jason-upchurch changed the title [Snyk: Medium] Allocation of Resources without limits (Due: 2/23/2020) [Snyk: Medium] Allocation of Resources without limits (Due: 3/15/2020) Jan 15, 2020
@jason-upchurch jason-upchurch added this to the Sprint 11.5 milestone Jan 15, 2020
@patphongs
Member

This is related to #3396. From earlier discussions, we did not see this as a significant external security vulnerability: #3396 (comment)

@pkfec
Contributor

pkfec commented Feb 27, 2020

The pillow pkg upgrade is handled in this PR #3563. The change gets deployed to dev on 03/03 during the 11.5 release cut.

@pkfec
Contributor

pkfec commented Feb 29, 2020

Pillow pkg is also updated to v6.2.2. PR #3563. This PR #3563 is merged. Closing this issue.

@pkfec pkfec closed this as completed Feb 29, 2020
4 participants