CVE-2019-11324

Advisory

[This advisory has been limited. Please create a free account to view the full advisory.]

Affected package

Affected versions

[This affected versions has been limited. Please create a free account to view the full affected versions.]

Fixed versions

[This fixed versions has been limited. Please create a free account to view the full fixed versions.]

Vulnerability changelog

===============

Non-RDF document import
-----------------------

JSON and CSV documents can be imported into AllegroGraph using
the new 'transform' service introduced in AG 6.5.0. This can
now be accessed from the Python client by calling the
``addDocumentFile()`` method of the connection object.
Document data from strings or Python dictionaries can be added
with ``addDocumentData()``.

Update dependencies which have security vulnerabilities
-------------------------------------------------------

Bumped urllib3 from 1.22 to 1.23 and requests from 2.18.4 to 2.20.0
according to recommendations made by Github.

Ensure sessions are closed properly
-----------------------------------

Sessions created via the ``openFederation()`` or ``openSession()``
methods of franz.openrdf.sail.allegrographserver.AllegroGraphServer
were not closed when ``close()`` was called on the resulting
connection. This has been fixed.

Resources

• https://pypi.org/project/agraph-python
• https://pyup.io/changelogs/agraph-python/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11324