CVE-2019-10906

Advisory

Candig-server 0.9.2 updates its dependency 'Jinja2' to v2.10.1 to include a security fix.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

V0.9.2 release of the candig-server.

This release introduces a number of updates:

- The package used for ingestion has been switched to candig-ingest from PROFYLE_ingest.
- Jinja2 package has been updated to resolve security vulnerability issues.
- Package name has been renamed throughout the package.
- Dashboard has been updated so the server status graph can be rendered at all time.
- New commands for server's starting, ingesting and status checking have been added.

Deprecating:
- Server commands, including `ga4gh_server`,`ga4gh_repo` and `ga4gh_configtest`, please use `candig_server`, `candig_repo`, and `candig_configtest` instead.

Resources

• https://pypi.org/project/candig-server
• https://pyup.io/changelogs/candig-server/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10906