From ef52903d817005cc5fe3c72ab855aec5f54104c8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alejandra=20Gal=C3=A1n?= <99278460+AlejandraGalan@users.noreply.github.com>
Date: Thu, 31 Oct 2024 18:04:00 +0100
Subject: [PATCH] Solving Werkzeug vulnerability (#561)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* Solving Werkzeug vulnerability
* Bump version and update changelog.rst
* Bump version on Dockerfile
---------
Co-authored-by: Guillermo González-Santander
---
 cornflow-server/Dockerfile | 2 +-
 cornflow-server/changelog.rst | 8 ++++++++
 cornflow-server/requirements.txt | 2 +-
 cornflow-server/setup.py | 2 +-
 4 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/cornflow-server/Dockerfile b/cornflow-server/Dockerfile
index 851f6e30..77573509 100644
--- a/cornflow-server/Dockerfile
+++ b/cornflow-server/Dockerfile
@@ -9,7 +9,7 @@ ENV DEBIAN_FRONTEND noninteractive
 ENV TERM linux
 # CORNFLOW vars
-ARG CORNFLOW_VERSION=1.1.0
+ARG CORNFLOW_VERSION=1.1.2
 # install linux pkg
 RUN apt update -y && apt-get install -y --no-install-recommends \
diff --git a/cornflow-server/changelog.rst b/cornflow-server/changelog.rst
index ab5eedcf..f7fbd836 100644
--- a/cornflow-server/changelog.rst
+++ b/cornflow-server/changelog.rst
@@ -1,3 +1,11 @@
+version 1.1.2
+--------------
+
+- released: 2024-10-31
+- description: security fix
+- changelog:
+ - bump Werkzeug to version 3.0.6 due to CVE-2024-49766 and CVE-2024-49767.
+
 version 1.1.1
 --------------
diff --git a/cornflow-server/requirements.txt b/cornflow-server/requirements.txt
index 48287a3d..35270077 100644
--- a/cornflow-server/requirements.txt
+++ b/cornflow-server/requirements.txt
@@ -27,4 +27,4 @@ pytups>=0.86.2
 requests<=2.32.3
 SQLAlchemy==1.3.21
 webargs<=8.2.0
-Werkzeug<=3.0.3
+Werkzeug==3.0.6
\ No newline at end of file
diff --git a/cornflow-server/setup.py b/cornflow-server/setup.py
index 32e71a5d..dc7bd8da 100644
--- a/cornflow-server/setup.py
+++ b/cornflow-server/setup.py
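Review bot: In cornflow-server/requirements.txt the new line `Werkzeug==3.0.6` is an exact pin, so installs stay on 3.0.6 until this file is edited again and the next Werkzeug security release will need another manual bump. The previous `Werkzeug<=3.0.3` cap is what excluded the fixed release in the first place, and the context lines `requests<=2.32.3` and `webargs<=8.2.0` still use the same upper-bound-only form. If nothing requires an exact version, a compatible-release range such as `Werkzeug~=3.0.6` keeps the fixed version as the floor while still accepting later 3.0.x patch releases. The hunk also leaves the file without a trailing newline (`\ No newline at end of file`), which is worth restoring so a requirement appended later cannot run into the Werkzeug entry.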
@@ -9,7 +9,7 @@ setuptools.setup(
 name="cornflow",
- version="1.1.1",
+ version="1.1.2",
 author="baobab soluciones",
 author_email="cornflow@baobabsoluciones.es",
 description="Cornflow is an open source multi-solver optimization server with a REST API built using flask.",