PyPi: Proxystore

CVE-2023-23931

Transitive

Safety vulnerability ID: 61467

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Feb 07, 2023 Updated at Apr 25, 2024

Advisory

Proxystore 0.4.1 updates its dependency 'cryptography' to include a security fix.

Affected package

proxystore

Latest version: 0.6.5

Lazy object proxy interface for distributed stores.

Affected versions

Fixed versions

Vulnerability changelog

This release adds some new backends, the `MultiStore` and `ZeroMQStore`, and overhauls the docs which are now hosted at [docs.proxystore.dev](https://docs.proxystore.dev)!

Upgrade Steps

```bash
$ pip install --upgrade proxystore
```


What's Changed

New Features
* Support Globus consents by gpauloski in https://github.com/proxystore/proxystore/pull/180
* Add `MultiStore` by gpauloski in https://github.com/proxystore/proxystore/pull/193
* Add `ZeroMQStore` by gpauloski in https://github.com/proxystore/proxystore/pull/208

Bug Fixes
* Fix peer-channels not passed to configure by gpauloski in https://github.com/proxystore/proxystore/pull/189
* Use IP instead of hostname for client endpoint requests by gpauloski in https://github.com/proxystore/proxystore/pull/191
* Prevent race condition when iterating over `Store._stats` by WardLT in https://github.com/proxystore/proxystore/pull/207

Documentation
* Migrate to MKDocs by gpauloski in https://github.com/proxystore/proxystore/pull/197

Dependencies
* Support Python 3.11 by gpauloski in https://github.com/proxystore/proxystore/pull/138
* Migrate to `pyproject.toml` by gpauloski in https://github.com/proxystore/proxystore/pull/176
* Bump actions/checkout from 2 to 3 by dependabot in https://github.com/proxystore/proxystore/pull/177
* Upgrade cryptography per CVE-2023-23931 by gpauloski in https://github.com/proxystore/proxystore/pull/190

New Contributors
* dependabot made their first contribution in https://github.com/proxystore/proxystore/pull/177

**Full Changelog**: https://github.com/proxystore/proxystore/compare/v0.4.0...v0.4.1


Severity Details

CVSS Base Score

MEDIUM 6.5

CVSS v3 Details

MEDIUM 6.5
* Attack Vector (AV): NETWORK
* Attack Complexity (AC): LOW
* Privileges Required (PR): NONE
* User Interaction (UI): NONE
* Scope (S): UNCHANGED
* Confidentiality Impact (C): NONE
* Integrity Impact (I): LOW
* Availability Impact (A): LOW