<div dir="ltr"><div dir="ltr"><div><br></div><div>I have created a ticket for that:<br><br><a href="https://github.com/qgis/QGIS-Documentation/issues/3145">https://github.com/qgis/QGIS-Documentation/issues/3145</a></div><div><br></div><div>So that we don't forget.</div><div><br></div><div>Cheers,</div><div><br></div><div>Alex Neto<br></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Mon, Nov 12, 2018 at 6:58 AM Richard Duivenvoorde <<a href="mailto:rdmailings@duif.net">rdmailings@duif.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
On the QGIS-Documentation repository I got a message from github,<br>
telling us we use a component with a security issue ("moderate<br>
severity")in it, pointing to:<br>
<br>
<a href="https://github.com/qgis/QGIS-Documentation/network/alert/REQUIREMENTS.txt/requests/open" rel="noreferrer" target="_blank">https://github.com/qgis/QGIS-Documentation/network/alert/REQUIREMENTS.txt/requests/open</a><br>
Pointing to<br>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2018-18074" rel="noreferrer" target="_blank">https://nvd.nist.gov/vuln/detail/CVE-2018-18074</a><br>
<br>
It's about the used python requests-module, and tells us:<br>
Upgrade requests to version 2.20.0 or later.<br>
Apparently we use an older version-nr in our REQUIREMENTS.txt.<br>
<br>
Please remind me to do this, or can somebody else try/test.<br>
<br>
Regards,<br>
<br>
Richard Duivenvoorde<br>
_______________________________________________<br>
Qgis-community-team mailing list for organizing community resources such as documentation, translation etc..<br>
<a href="mailto:Qgis-community-team@lists.osgeo.org" target="_blank">Qgis-community-team@lists.osgeo.org</a><br>
<a href="https://lists.osgeo.org/mailman/listinfo/qgis-community-team" rel="noreferrer" target="_blank">https://lists.osgeo.org/mailman/listinfo/qgis-community-team</a></blockquote></div>