Fix two 3rd party CVEs: CVE-2024-45338, CVE-2024-12797 #641

gblewis1 · 2025-02-24T18:35:50Z

n/a

Info	Please fill out this column
Root Cause	Specifically for bugs, empty in case of no variants
Jira ticket	Add the name to the Jira ticket eg: "NEXMANAGE-622". Automation will do the linking to Jira

Added required new tests relevant to the changes
Updated Documentation as relevant to the changes
PR change contains code related to security
PR introduces changes that break compatibility with other modules/services (If YES, please provide description)
Run go fmt or format-python.sh as applicable
Update Changelog
Integration tests are passing
If Cloudadapter changes, check Azure connectivity manually

Code must act as a teacher for future developers

gblewis1 added 3 commits February 24, 2025 10:34

bump golang.org/x/net from 0.29.0 to 0.33.0 in trtl -> CVE-2024-45338

bf77770

bump cryptography from 43.0.3 to 44.0.1 in dispatcher -> CVE-2024-12797

45e85b3

update changelog

7e592b4

gblewis1 marked this pull request as ready for review February 24, 2025 18:37

gblewis1 requested a review from nmgaston as a code owner February 24, 2025 18:37

nmgaston approved these changes Feb 24, 2025

View reviewed changes

gblewis1 merged commit 01c8399 into develop Feb 25, 2025
15 checks passed

gblewis1 deleted the gblewis1/address-auto-archive-warning-20250224 branch February 25, 2025 19:24