From: "Nickle Wang via groups.io" <nicklew=nvidia.com@groups.io>
To: <devel@edk2.groups.io>
Cc: Abner Chang <abner.chang@amd.com>,
Igor Kulchytskyy <igork@ami.com>,
"Nick Ramirez" <nramirez@nvidia.com>
Subject: [edk2-devel] [edk2-redfish-client][PATCH] Tool/Redfish-Profile-Simulator: fix Werkzeug security issue
Date: Wed, 8 May 2024 16:09:12 +0800
Message-ID: <20240508080912.1914-1-nicklew@nvidia.com>
Upgrade Werkzeug to version 3.0.3 to address CVE-2024-34069
Signed-off-by: Nickle Wang <nicklew@nvidia.com>
Cc: Abner Chang <abner.chang@amd.com>
Cc: Igor Kulchytskyy <igork@ami.com>
Cc: Nick Ramirez <nramirez@nvidia.com>
---
Tools/Redfish-Profile-Simulator/redfishProfileSimulator.py | 7 ++++---
Tools/Redfish-Profile-Simulator/requirements.txt | 6 ++----
2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/Tools/Redfish-Profile-Simulator/redfishProfileSimulator.py b/Tools/Redfish-Profile-Simulator/redfishProfileSimulator.py
index 91c792a2b..58697328a 100644
--- a/Tools/Redfish-Profile-Simulator/redfishProfileSimulator.py
+++ b/Tools/Redfish-Profile-Simulator/redfishProfileSimulator.py
@@ -1,6 +1,7 @@
# Copyright Notice:
#
# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2024, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
# Copyright Notice:
@@ -89,8 +90,8 @@ class PreconditionRequired(werkzeug.exceptions.HTTPException):
def main(argv):
#Monkey patch the set_etag() method for conditional request.
- _old_set_etag = werkzeug.ETagResponseMixin.set_etag
- @functools.wraps(werkzeug.ETagResponseMixin.set_etag)
+ _old_set_etag = werkzeug.wrappers.Response.set_etag
+ @functools.wraps(werkzeug.wrappers.Response.set_etag)
def _new_set_etag(self, etag, weak=False):
# only check the first time through; when called twice
# we're modifying
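Review bot: The move from `werkzeug.ETagResponseMixin` to `werkzeug.wrappers.Response` on the `_old_set_etag` and `@functools.wraps` lines is an API migration that neither the commit message nor the `#Monkey patch the set_etag() method` comment explains; the message only mentions the version bump. Please extend that comment to say why the target class changed, so a later dependency update does not silently revert or break it. The imports are not visible in this hunk, so also confirm the file imports `werkzeug.wrappers` explicitly rather than relying on another package having loaded the submodule before `main()` runs.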
@@ -107,7 +108,7 @@ def main(argv):
raise NotModified
flask.g.condtnl_etags_start = False
_old_set_etag(self, etag, weak)
- werkzeug.ETagResponseMixin.set_etag = _new_set_etag
+ werkzeug.wrappers.Response.set_etag = _new_set_etag
# set default option args
rf_profile_path = os.path.abspath("./MockupData/SimpleOcpServerV1")
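Review bot: The assignment `werkzeug.wrappers.Response.set_etag = _new_set_etag` replaces the method on the base response class for the whole process, so every response object now passes through the conditional-request check and can hit `raise NotModified`. A subclass of `werkzeug.wrappers.Response` that overrides `set_etag`, installed through Flask's `response_class`, would scope the behaviour to the simulator's application and avoid patching library internals. If that is out of scope for a security bump, a short comment stating that the global patch is intentional would help.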
diff --git a/Tools/Redfish-Profile-Simulator/requirements.txt b/Tools/Redfish-Profile-Simulator/requirements.txt
index 359a81446..83d2d8130 100644
--- a/Tools/Redfish-Profile-Simulator/requirements.txt
+++ b/Tools/Redfish-Profile-Simulator/requirements.txt
@@ -1,5 +1,3 @@
-Werkzeug==0.16
-Jinja2==3.0.3
-itsdangerous==2.0.1
-flask==1.1.1
+Werkzeug>=3.0.3
+flask==3.0.0
pyOpenSSL
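Review bot: `Werkzeug>=3.0.3` is an open-ended lower bound while `flask==3.0.0` stays an exact pin, and the `Jinja2` and `itsdangerous` pins are removed without a mention in the commit message. Because redfishProfileSimulator.py monkey-patches `werkzeug.wrappers.Response.set_etag`, an unbounded Werkzeug range can pull in a future major release that changes that method and breaks the tool. Consider `Werkzeug>=3.0.3,<4` or an exact pin, and note in the commit message that `Jinja2` and `itsdangerous` are now resolved transitively through Flask. `pyOpenSSL` also remains unpinned, which leaves the install non-reproducible.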
--
2.34.1