CVE-2016-7401

Advisory

Sentry 9.0.0rc1 includes a fix for CVE-2016-7401 (backported from Django 1.8.15).

Affected package

Affected versions

Fixed versions

Vulnerability changelog

- Fix a bug where class-based callables used as Django views (without using Django's regular class-based views) would not have `csrf_exempt` applied.
- New integration for Google Cloud Functions.
- Fix a bug where a recently released version of `urllib3` would cause the SDK to enter an infinite loop on networking and SSL errors.
- **Breaking change**: Remove the `traceparent_v2` option. The option has been ignored since 0.16.3, just remove it from your code.

Resources

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7401
• http://www.securitytracker.com/id/1036899
• https://www.djangoproject.com/weblog/2016/sep/26/security-releases/
• http://www.debian.org/security/2016/dsa-3678
• http://www.securityfocus.com/bid/93182
• http://www.ubuntu.com/usn/USN-3089-1
• http://rhn.redhat.com/errata/RHSA-2016-2043.html
• http://rhn.redhat.com/errata/RHSA-2016-2042.html
• http://rhn.redhat.com/errata/RHSA-2016-2041.html
• http://rhn.redhat.com/errata/RHSA-2016-2040.html
• http://rhn.redhat.com/errata/RHSA-2016-2039.html
• http://rhn.redhat.com/errata/RHSA-2016-2038.html