CVE-2021-27291

Advisory

Omegaml 0.15.5 updates its dependency 'pygments' to '>=2.7.4' to include a security fix.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* use sqlalchemy prepared statements for pd.read_sql by miraculixx in https://github.com/omegaml/omegaml/pull/294
* sanitize mongodb query filters by miraculixx in https://github.com/omegaml/omegaml/pull/293
* streamline extdmetadata handling resp. X, Y, result by miraculixx in https://github.com/omegaml/omegaml/pull/291
* upgrade mongodb 5.x by miraculixx in https://github.com/omegaml/omegaml/pull/232
* enable using mongodb as a result backend by miraculixx in https://github.com/omegaml/omegaml/pull/300
* Upgrade celery 5 by miraculixx in https://github.com/omegaml/omegaml/pull/234
* Om logger python logging optional by miraculixx in https://github.com/omegaml/omegaml/pull/311
* Enable restapi buckets by miraculixx in https://github.com/omegaml/omegaml/pull/309
* Arbitrary virtualobj loading by miraculixx in https://github.com/omegaml/omegaml/pull/310
* Improve sql cnx caching by miraculixx in https://github.com/omegaml/omegaml/pull/308
* enable small datasets to be passed as part of the message by miraculixx in https://github.com/omegaml/omegaml/pull/312
* release build 0.15.5 by miraculixx in https://github.com/omegaml/omegaml/pull/313


Security fixes
* [Snyk] Fix for 4 vulnerabilities by snyk-bot in https://github.com/omegaml/omegaml/pull/299
* [Snyk] Security upgrade tensorflow/tensorflow from 2.10.0rc3-gpu-jupyter to 2.11.0rc1-gpu-jupyter by omegaml in https://github.com/omegaml/omegaml/pull/290
* [Snyk] Security upgrade tensorflow/tensorflow from 2.10.0rc3-gpu-jupyter to 2.11.0rc0-gpu-jupyter by snyk-bot in https://github.com/omegaml/omegaml/pull/289


**Full Changelog**: https://github.com/omegaml/omegaml/compare/release/0.15.3...release/0.15.5

Resources

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291