From e2ac8828820a38abc7efe74dd12cd33cca2b0b6f Mon Sep 17 00:00:00 2001
From: Guillermo Gonzalez-Santander
Date: Fri, 10 May 2024 09:31:01 +0200
Subject: [PATCH 1/3] Changes needed due to security reasons. Bump versions to generate alpha versions and dockerhub images
---
 .github/workflows/cornflow-client-publish-to-pypi.yml | 2 +-
 .github/workflows/cornflow-publish-to-pypi.yml | 2 +-
 cornflow-server/Dockerfile | 4 ++--
 cornflow-server/airflow_config/Dockerfile | 6 +++---
 cornflow-server/changelog.rst | 11 +++++++++++
 cornflow-server/requirements.txt | 4 ++--
 cornflow-server/setup.py | 2 +-
 docker-compose-cornflow-celery.yml | 4 ++--
 docker-compose-cornflow-ldap.yml | 2 +-
 docker-compose.yml | 4 ++--
 docs/source/conf.py | 4 ++--
 11 files changed, 28 insertions(+), 17 deletions(-)
diff --git a/.github/workflows/cornflow-client-publish-to-pypi.yml b/.github/workflows/cornflow-client-publish-to-pypi.yml
index a17325de..7a1439d8 100644
--- a/.github/workflows/cornflow-client-publish-to-pypi.yml
+++ b/.github/workflows/cornflow-client-publish-to-pypi.yml
@@ -38,7 +38,7 @@ jobs:
 password: ${{ secrets.pypi_password }}
 packages_dir: libs/client/dist/
 - name: Get version number
- uses: jungwinter/split@v2
+ uses: winterjung/split@v2
 id: split
 with:
 msg : ${{ github.ref_name}}
diff --git a/.github/workflows/cornflow-publish-to-pypi.yml b/.github/workflows/cornflow-publish-to-pypi.yml
index 85fa023d..1d1ae8c9 100644
--- a/.github/workflows/cornflow-publish-to-pypi.yml
+++ b/.github/workflows/cornflow-publish-to-pypi.yml
@@ -38,7 +38,7 @@ jobs:
 password: ${{ secrets.CORNFLOW_PYPI_TOKEN }}
 packages_dir: cornflow-server/dist/
 - name: Get version number
- uses: jungwinter/split@v2
+ uses: winterjung/split@v2
 id: split
 with:
 msg : ${{ github.ref_name }}
diff --git a/cornflow-server/Dockerfile b/cornflow-server/Dockerfile
index 194621bb..3afe28b7 100644
--- a/cornflow-server/Dockerfile
+++ b/cornflow-server/Dockerfile
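Review bot: `uses: winterjung/split@v2` on the changed line still resolves a third-party action through a mutable tag, so the publish job runs whatever the `v2` ref points to at run time; since this commit is motivated by security, pin the action to the full commit SHA of the release and keep the tag as a trailing comment, e.g. `uses: winterjung/split@<commit-sha-of-v2-release> # v2`. The same remark applies to the identical hunk in cornflow-publish-to-pypi.yml. The enclosing job definition starts before the hunk.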
@@ -1,4 +1,4 @@
-# VERSION 1.0.10
+# VERSION 1.0.11
 # AUTHOR: sistemas@baobabsoluciones.es
 FROM python:3.10-slim-buster
@@ -9,7 +9,7 @@ ENV DEBIAN_FRONTEND noninteractive
 ENV TERM linux
 # CORNFLOW vars
-ARG CORNFLOW_VERSION=1.0.10
+ARG CORNFLOW_VERSION=1.0.11a1
 # install linux pkg
 RUN apt update -y && apt-get install -y --no-install-recommends \
diff --git a/cornflow-server/airflow_config/Dockerfile b/cornflow-server/airflow_config/Dockerfile
index e2a21369..5ac91e6d 100644
--- a/cornflow-server/airflow_config/Dockerfile
+++ b/cornflow-server/airflow_config/Dockerfile
@@ -1,7 +1,7 @@
 # AIRFLOW VERSION 2.9.0
 # AUTHOR: cornflow@baobabsoluciones.es
 # DESCRIPTION: Airflow 2.9.0 image personalized for use with Cornflow (from baobabsoluciones/pysolver image)
-# baobab code version is 1.0.10
+# baobab code version is 1.0.11
 FROM baobabsoluciones/pysolver:1.0
 LABEL maintainer="cornflow@baobabsoluciones"
@@ -11,7 +11,7 @@ ENV DEBIAN_FRONTEND noninteractive
 ENV TERM linux
 # Airflow vars
-ARG AIRFLOW_VERSION=2.9.0
+ARG AIRFLOW_VERSION=2.9.1
 ARG AIRFLOW_USER_HOME=/usr/local/airflow
 ARG CONSTRAINT_URL="https://raw.githubusercontent.com/apache/airflow/constraints-${AIRFLOW_VERSION}/constraints-3.10.txt"
 ARG AIRFLOW__CORE__LOAD_EXAMPLES=False
@@ -20,7 +20,7 @@ ENV AIRFLOW_HOME=${AIRFLOW_USER_HOME}
 # install Airflow and extras: celery,postgres and redis
 RUN pip install "apache-airflow[celery,google,postgres,redis,sendgrid]==${AIRFLOW_VERSION}" --constraint "${CONSTRAINT_URL}"
 # We add these overruns due to security reasons as suggested here: https://airflow.apache.org/docs/apache-airflow/stable/installation/installing-from-pypi.html#upgrading-and-installing-dependencies-including-providers
-RUN pip install "apache-airflow[celery,google,postgres,redis,sendgrid]==${AIRFLOW_VERSION}" "cryptography==42.0.5" "gunicorn==22.0.0" "requests==2.31.0" "Werkzeug==2.3.8"
+RUN pip install "apache-airflow[celery,google,postgres,redis,sendgrid]==${AIRFLOW_VERSION}" "cryptography==42.0.5" "gunicorn==22.0.0" "requests==2.31.0" "Werkzeug==3.0.3"
 # copy init script and config to container
 COPY scripts ${AIRFLOW_HOME}/scripts
diff --git a/cornflow-server/changelog.rst b/cornflow-server/changelog.rst
index ef817fc0..4f64469b 100644
--- a/cornflow-server/changelog.rst
+++ b/cornflow-server/changelog.rst
@@ -1,3 +1,14 @@
+version 1.0.11
+---------------
+
+- released: 2024-05-10
+- description: release to fix security vulnerabilities
+- changelog:
+ - Upgraded flask-cors version to 4.0.1
+ - Upgraded Werkzeug version to 3.0.3
+ - Upgraded Airflow to version 2.9.1
+ - Fixed Werkzeug version on airflow image to 3.0.3
+
 version 1.0.10
 ---------------
diff --git a/cornflow-server/requirements.txt b/cornflow-server/requirements.txt
index 02c6db8a..1d5221f7 100644
--- a/cornflow-server/requirements.txt
+++ b/cornflow-server/requirements.txt
@@ -8,7 +8,7 @@ Flask==2.3.2
 flask-apispec<=0.11.4
 Flask-Bcrypt<=1.0.1
 Flask-Compress<=1.13
-flask-cors<=3.0.10
+flask-cors<=4.0.1
 flask-inflate<=0.3
 Flask-Migrate<=4.0.4
 Flask-RESTful<=0.3.9
@@ -27,4 +27,4 @@ pytups>=0.86.2
 requests<=2.31.0
 SQLAlchemy==1.3.21
 webargs<=8.2.0
-Werkzeug<=2.3.8
+Werkzeug<=3.0.3
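Review bot: `flask-cors<=4.0.1` and `Werkzeug<=3.0.3` in the two requirements.txt hunks are upper bounds only, so the resolver is still free to pick the older releases this commit intends to move away from (`<=4.0.1` admits 3.0.10, `<=3.0.3` admits 2.3.8) whenever another constraint prefers them. If the fixed releases are required, express that as a lower bound or an exact pin, e.g. `flask-cors>=4.0.1,<5` and `Werkzeug>=3.0.3,<4`, matching the exact-pin style already used for `Flask==2.3.2`. That Flask pin is visible in the first hunk's header context and is unchanged; whether Flask 2.3.2 resolves and runs cleanly against Werkzeug 3.0.x is not established by this diff and is worth confirming before tagging the release.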
diff --git a/cornflow-server/setup.py b/cornflow-server/setup.py
index dbb3bf68..26139693 100644
--- a/cornflow-server/setup.py
+++ b/cornflow-server/setup.py
@@ -9,7 +9,7 @@ setuptools.setup(
 name="cornflow",
- version="1.0.10",
+ version="1.0.11a1",
 author="baobab soluciones",
 author_email="cornflow@baobabsoluciones.es",
 description="Cornflow is an open source multi-solver optimization server with a REST API built using flask.",
diff --git a/docker-compose-cornflow-celery.yml b/docker-compose-cornflow-celery.yml
index 598acee6..208f4755 100644
--- a/docker-compose-cornflow-celery.yml
+++ b/docker-compose-cornflow-celery.yml
@@ -30,7 +30,7 @@ x-airflow-common: &airflow-common
 # In order to add custom dependencies or upgrade provider packages you can use your extended image.
 # Comment the image line and uncomment the "build" and "context" lines below, Then run `docker-compose build` to build the images.
- image: baobabsoluciones/airflow:release-v1.0.8
+ image: baobabsoluciones/airflow:release-v1.0.11
 platform: linux/amd64
 #build:
 #context: ./cornflow-server/airflow_config
@@ -64,7 +64,7 @@ x-cornflow-common: &cornflow-common
 # In order to add custom dependencies or upgrade provider packages you can use your extended image.
 # Comment the image line and uncomment the "build" and "context" lines below, Then run `docker-compose build` to build the images.
- image: baobabsoluciones/cornflow:release-v1.0.8
+ image: baobabsoluciones/cornflow:release-v1.0.11
 platform: linux/amd64
 #build:
 #context: ./cornflow-server
diff --git a/docker-compose-cornflow-ldap.yml b/docker-compose-cornflow-ldap.yml
index 599b43bd..36e6e387 100644
--- a/docker-compose-cornflow-ldap.yml
+++ b/docker-compose-cornflow-ldap.yml
@@ -31,7 +31,7 @@ x-airflow-common: &airflow-common
 # In order to add custom dependencies or upgrade provider packages you can use your extended image.
 # Comment the image line and uncomment the "build" and "context" lines below, Then run `docker-compose build` to build the images.
- image: baobabsoluciones/airflow:release-v1.0.8
+ image: baobabsoluciones/airflow:release-v1.0.11
 platform: linux/amd64
 #build:
 #context: ./cornflow-server/airflow_config
diff --git a/docker-compose.yml b/docker-compose.yml
index 24c808c3..14318208 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -30,7 +30,7 @@ x-airflow-common: &airflow-common
 # In order to add custom dependencies or upgrade provider packages you can use your extended image.
 # Comment the image line and uncomment the "build" and "context" lines below, Then run `docker-compose build` to build the images.
- image: baobabsoluciones/airflow:release-v1.0.8
+ image: baobabsoluciones/airflow:release-v1.0.11
 platform: linux/amd64
 #build:
 #context: ./cornflow-server/airflow_config
@@ -60,7 +60,7 @@ x-cornflow-common: &cornflow-common
 # In order to add custom dependencies or upgrade provider packages you can use your extended image.
 # Comment the image line and uncomment the "build" and "context" lines below, Then run `docker-compose build` to build the images.
- image: baobabsoluciones/cornflow:release-v1.0.8
+ image: baobabsoluciones/cornflow:release-v1.0.11
 platform: linux/amd64
 #build:
 #context: ./cornflow-server
diff --git a/docs/source/conf.py b/docs/source/conf.py
index f55386b6..117edf99 100644
--- a/docs/source/conf.py
+++ b/docs/source/conf.py
@@ -66,10 +66,10 @@ import cornflow_client
-release = "1.0.10"
+release = "1.0.11"
 # The short X.Y version.
 # version = release[:3]
-version = "1.0.10"
+version = "1.0.11"
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
From e4c71fb94aebe218101f6d31f486988d3f5a3e42 Mon Sep 17 00:00:00 2001
From: Guillermo Gonzalez-Santander
Date: Fri, 10 May 2024 10:03:20 +0200
Subject: [PATCH 2/3] Undo change to airflow dockerfile
---
 cornflow-server/airflow_config/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cornflow-server/airflow_config/Dockerfile b/cornflow-server/airflow_config/Dockerfile
index 5ac91e6d..55f797ba 100644
--- a/cornflow-server/airflow_config/Dockerfile
+++ b/cornflow-server/airflow_config/Dockerfile
@@ -20,7 +20,7 @@ ENV AIRFLOW_HOME=${AIRFLOW_USER_HOME}
 # install Airflow and extras: celery,postgres and redis
 RUN pip install "apache-airflow[celery,google,postgres,redis,sendgrid]==${AIRFLOW_VERSION}" --constraint "${CONSTRAINT_URL}"
 # We add these overruns due to security reasons as suggested here: https://airflow.apache.org/docs/apache-airflow/stable/installation/installing-from-pypi.html#upgrading-and-installing-dependencies-including-providers
-RUN pip install "apache-airflow[celery,google,postgres,redis,sendgrid]==${AIRFLOW_VERSION}" "cryptography==42.0.5" "gunicorn==22.0.0" "requests==2.31.0" "Werkzeug==3.0.3"
+RUN pip install "apache-airflow[celery,google,postgres,redis,sendgrid]==${AIRFLOW_VERSION}" "cryptography==42.0.5" "gunicorn==22.0.0" "requests==2.31.0" "Werkzeug==2.3.8"
 # copy init script and config to container
 COPY scripts ${AIRFLOW_HOME}/scripts
From 8f66d38c34eb18f4c2bfaa6fe82100767aac0b03 Mon Sep 17 00:00:00 2001
From: Guillermo Gonzalez-Santander
Date: Fri, 10 May 2024 10:45:07 +0200
Subject: [PATCH 3/3] Change cornflow version to final one
---
 cornflow-server/Dockerfile | 2 +-
 cornflow-server/setup.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/cornflow-server/Dockerfile b/cornflow-server/Dockerfile
index 3afe28b7..fbf8904a 100644
--- a/cornflow-server/Dockerfile
+++ b/cornflow-server/Dockerfile
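Review bot: Reverting to `"Werkzeug==2.3.8"` on the airflow image leaves this series inconsistent with the changelog entry added in PATCH 1/3, whose bullet `Fixed Werkzeug version on airflow image to 3.0.3` now describes a change that is not shipped; that bullet should be corrected or dropped in the same series. The comment above the changed line still presents these pins as security overrides, so the reason 2.3.8 is kept (presumably an Airflow 2.9.1 compatibility limit, which this diff does not establish) belongs next to it, e.g. `# Werkzeug intentionally kept at 2.3.8: <reason>`. Note that this second `pip install` runs without `--constraint "${CONSTRAINT_URL}"`, unlike the one two lines above, so the versions listed here take precedence over the Airflow constraints file for those packages.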
@@ -9,7 +9,7 @@ ENV DEBIAN_FRONTEND noninteractive
 ENV TERM linux
 # CORNFLOW vars
-ARG CORNFLOW_VERSION=1.0.11a1
+ARG CORNFLOW_VERSION=1.0.11
 # install linux pkg
 RUN apt update -y && apt-get install -y --no-install-recommends \
diff --git a/cornflow-server/setup.py b/cornflow-server/setup.py
index 26139693..a9790317 100644
--- a/cornflow-server/setup.py
+++ b/cornflow-server/setup.py
@@ -9,7 +9,7 @@ setuptools.setup(
 name="cornflow",
- version="1.0.11a1",
+ version="1.0.11",
 author="baobab soluciones",
 author_email="cornflow@baobabsoluciones.es",
 description="Cornflow is an open source multi-solver optimization server with a REST API built using flask.",