Safety vulnerability ID: 50891
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Nemo 4.2.0 updates its dependency 'Django' to v3.2.15 to include security fixes.
Latest version: 6.0.3
NEMO is a laboratory logistics web application. Use it to schedule reservations, control tool access, track maintenance issues, and more.
New features
* Added Safety data sheets:
* ChemicalHazard (flammable, toxic, etc.) and Chemical objects should be added in the Detailed administration
* Chemical document can be either uploaded to NEMO or set with a URL
* Common hazard icons are available [in the resources folder](https://github.com/usnistgov/NEMO/tree/master/resources/icons/chemical_hazard_logos)
* Keywords/synonyms can be set for a Chemical and search through in the Safety data sheet page
* There is no direct link in the navigation bar. A `Landing page choice` option needs to be added for this with url `/safety_data_sheets/`. An SDS icon is available for download [in the resources folder](https://github.com/usnistgov/NEMO/tree/master/resources//icons/sds.png)
* Added a button in the calendar to only display qualified tools for non-staff users. This feature is disabled by default and needs to be activated in the Customization page. Thx pdessauw and NIST MML for the contribution!
Improvements
* Updated style of Rate table in Tool control. The table is collapsed by default and can be expanded by default by checking the box in Customization -> Rates
* Added LDAP "username_format" property to allow for custom formatting of the username
* Checks during login are now case insensitive for username
* Added Staff absence note which will only be visible to facility managers
* Non-working days will not be shown as absence on the facility manager view of staff status
* Updated display of comments in Tool control to keep new lines
Bug fixes
* Fixed a bug preventing rates from being loaded at startup
* Fixed a bug when running migrate of makemigrations before database is initialized
* Fixed a bug when authentication fails and is not sending to the correct page due to not allowing POST
* Fixed interlock configuration not accepting 0 as coil number
* Fixed an issue where all tools would disappear when expanding/collapsing categories and switching from Calendar to Tool control
* Fixed a ClosureTime warning on the staff status page
* Fixed validation for reservation questions not being updated when adding/removing a group question
Librairies
* Django 3.2.13 -> 3.2.15 (vulnerability)
* drf-flex-fields 0.9.8 -> 1.0.0
* cryptography 37.0.2 -> 37.0.4
* django-filter 21.1 -> 22.1
* requests 2.27.1 -> 2.28.1
* Pillow 9.1.1 -> 9.2.0
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application