Safety vulnerability ID: 63444
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Nautobot 1.3.8 updates its `django` dependency from version 3.2.13 to 3.2.14. This change is in response to the security vulnerability identified as CVE-2022-34265.
https://github.com/nautobot/nautobot/pull/2004/commits/29be3f0b7ef879931d4db0869c47e9f5bc13a860
Latest version: 2.4.10
Source of truth and network automation platform.
Added
- [1464](https://github.com/nautobot/nautobot/issues/1464) - Added "Continue with SSO" link on login page.
Changed
- [1407](https://github.com/nautobot/nautobot/issues/1407) - Changed custom field export column headings to prefix with `cf_`.
- [1603](https://github.com/nautobot/nautobot/issues/1603) - Changed GraphQL schema generation to call time for GraphQL API.
- [1977](https://github.com/nautobot/nautobot/pull/1977) - Updated Renovate config to batch updates (additional PRs included to further refine config).
- [2020](https://github.com/nautobot/nautobot/pull/2020) - Updated `celery >= 5.2.7`, `django-jinja >= 2.10.2`, and `mysqlclient >= 2.1.1` versions in lock file (patch updates).
Fixed
- [1838](https://github.com/nautobot/nautobot/issues/1838) - Fixed job result to show latest not oldest.
- [1874](https://github.com/nautobot/nautobot/issues/1874) - Fixed Git repo sync issue with Sentinel with deprecated rq_count check.
Security
CVE in Django versions >= 3.2, < 3.2.14. This update upgrades Django to 3.2.14.
- [2004](https://github.com/nautobot/nautobot/pull/2004) - Bump Django from 3.2.13 to 3.2.14 for [CVE-2022-34265](https://github.com/advisories/GHSA-p64x-8rxx-wf6q).
Contributors
* HanlinMiao
* timizuoebideri1
**Full Changelog**: https://github.com/nautobot/nautobot/compare/v1.3.7...v1.3.8