Solving Werkzeug vulnerability (#561)

* Solving Werkzeug vulnerability * Bump version and update changelog.rst * Bump version on Dockerfile --------- Co-authored-by: Guillermo González-Santander <[email protected]>
baobabsoluciones · Oct 31, 2024 · ef52903 · ef52903
1 parent 55a1710
commit ef52903
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 3 deletions.
diff --git a/cornflow-server/Dockerfile b/cornflow-server/Dockerfile
@@ -9,7 +9,7 @@ ENV DEBIAN_FRONTEND noninteractive
 ENV TERM linux
 
 # CORNFLOW vars
-ARG CORNFLOW_VERSION=1.1.0
+ARG CORNFLOW_VERSION=1.1.2
 
 # install linux pkg
 RUN apt update -y && apt-get install -y --no-install-recommends \

diff --git a/cornflow-server/changelog.rst b/cornflow-server/changelog.rst
@@ -1,3 +1,11 @@
+version 1.1.2
+--------------
+
+- released: 2024-10-31
+- description: security fix
+- changelog:
+    - bump Werkzeug to version 3.0.6 due to CVE-2024-49766 and CVE-2024-49767.
+
 version 1.1.1
 --------------
 

diff --git a/cornflow-server/requirements.txt b/cornflow-server/requirements.txt
@@ -27,4 +27,4 @@ pytups>=0.86.2
 requests<=2.32.3
 SQLAlchemy==1.3.21
 webargs<=8.2.0
-Werkzeug<=3.0.3
+Werkzeug==3.0.6
diff --git a/cornflow-server/setup.py b/cornflow-server/setup.py
@@ -9,7 +9,7 @@
 
 setuptools.setup(
     name="cornflow",
-    version="1.1.1",
+    version="1.1.2",
     author="baobab soluciones",
     author_email="[email protected]",
     description="Cornflow is an open source multi-solver optimization server with a REST API built using flask.",