Bump cryptography for CVE-2023-49083 (!680) · Merge requests · Crafty Controller / Crafty 4

Andrew requested to merge sec/bump-cryptography into dev Nov 30, 2023

What does this MR do and why?

Bump Cryptography to 41.0.7 for CVE-2023-49083

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49083

Bump pyOpenSSL while we're at it.

Test Steps

With existing install:

Request new API key
Log out/in

With Fresh Install:

Request new API key
Log out/in
Get a new certificate

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Have you checked this doesn't interfere/conflict/duplicate someone elses work?
Have you fully tested your changes?
Have you resolved any lint issues?
Have you assigned a reviewer?
Have you applied correct labels?

Edited Nov 30, 2023 by Andrew

Bump cryptography for CVE-2023-49083

What does this MR do and why?

Test Steps

MR acceptance checklist

Merge request reports