This repository has been archived by the owner on May 6, 2024. It is now read-only.

[MNTL-142] [Security] Upgrade jinja2 dependency for CVE-2024-22195 #366

Closed
mikealfare opened this issue Feb 23, 2024 · 3 comments · Fixed by #367

@mikealfare
Contributor

mikealfare commented Feb 23, 2024

Current Behavior

CVE-2024-22195 references a vulnerability for jinja2<3.1.3

Expected Behavior

We need to pin to at least jinja2>=3.1.3

Additional Context

Update https://dbtlabs.atlassian.net/browse/MNTL-142 when completed.

@mikealfare changed the title from "[Security] Upgrade jinja2 dependency for CVE-2024-22195" to "[MNTL-142] [Security] Upgrade jinja2 dependency for CVE-2024-22195" on Feb 23, 2024

@mikealfare
Contributor Author

I don't believe this vulnerability affects this repository. jinja2 is only referenced as part of the name of an internal project. This also only impacts dbt==0.20.0. Awaiting feedback, but this will likely be closed.

@mikealfare linked a pull request Feb 28, 2024 that will close this issue

@mikealfare reopened this Feb 29, 2024

@mikealfare
Contributor Author

Keeping this open until all homebrew releases go out.

@mikealfare
Contributor Author

All homebrew releases are complete.
