Summary
This is a simple requirements.txt version update for cryptography to version 39.0.2 to fix CVE-2023-0286 & CVE-2023-23931.
Details
CVE-2023-0286 & CVE-2023-23931 are fixed in cryptography 39.0.1; version 36.0.2 was being pinned in requirements.txt.
Impact
Possible impact to cryptographic functions in OAuth and maybe others, unlikely but possible.
I read the cryptography changelog and it appears the only real breaking change is the requirement on OpenSSL/LibreSSL version.
No impact to requirements.txt installation on distributions.
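
A pin like this can be guarded in CI so that it does not regress. The following is an added example, not code from this PR or the project: it audits a requirements file for any cryptography requirement that still permits a release below 39.0.1, the fixed version named above. The function names `audit` and `as_tuple` and the sample file contents are constructed for illustration.

```python
import re

# Assumption: 39.0.1 is the first fixed release, as the PR description states.
FIXED = (39, 0, 1)
SPEC_RE = re.compile(r"(===|==|~=|>=|<=|!=|>|<)\s*([0-9]+(?:\.[0-9]+)*)")

def as_tuple(version):
    """'39.0.2' -> (39, 0, 2); only plain numeric release segments are handled."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def audit(requirements_text, package="cryptography", fixed=FIXED):
    """Return [(line_no, requirement, verdict)] for every line naming `package`.

    verdict is 'ok' (no release below `fixed` can be installed), 'vulnerable'
    (exact pin below `fixed`) or 'allows-vulnerable' (range admits older releases).
    """
    findings = []
    for line_no, raw in enumerate(requirements_text.splitlines(), 1):
        # Drop comments, environment markers and pip options such as --hash.
        req = raw.split("#", 1)[0].split(";", 1)[0].split(" --", 1)[0].strip(" \\\t")
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$", req)
        if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != package:
            continue
        specs = [(op, as_tuple(ver)) for op, ver in SPEC_RE.findall(m.group(2))]
        exact = [v for op, v in specs if op in ("==", "===")]
        floor = [v for op, v in specs if op in (">=", "~=", ">")]
        if exact:
            verdict = "ok" if min(exact) >= fixed else "vulnerable"
        elif floor and max(floor) >= fixed:
            verdict = "ok"
        else:
            verdict = "allows-vulnerable"
        findings.append((line_no, req, verdict))
    return findings

# Constructed sample input, not the project's real requirements.txt.
SAMPLE = """\
requests==2.28.2
cryptography==36.0.2   # old pin named in the PR
cryptography==39.0.2 --hash=sha256:0000
cryptography[ssh]>=38.0,<40 ; python_version >= "3.7"
cryptography
"""

if __name__ == "__main__":
    for line_no, req, verdict in audit(SAMPLE):
        print(f"line {line_no}: {req!r} -> {verdict}")
```

Wildcard pins such as `==39.0.*` and pre-release tags are not interpreted; the check treats them conservatively by comparing only the numeric prefix.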