Workflow

PyPi: Lnbits

CVE-2024-21503

Transitive

Safety vulnerability ID: 71111

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Mar 19, 2024 Updated at May 28, 2024
Scan your Python projects for vulnerabilities →

Advisory

Lnbits version 0.12.5 updates its `black` dependency from version 24.2.0 to 24.3.0 to address the security vulnerability identified as CVE-2024-21503. This update is implemented as a security measure, ensuring the package remains secure by incorporating the necessary fixes from the updated version of the `black` code formatter.

Affected package

lnbits

Latest version: 0.12.8

LNbits, free and open-source Lightning wallet and accounts system.

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* feat: add `check_invalid_payments` command by motorina0 in https://github.com/lnbits/lnbits/pull/2353
* feat: add commands `delete-walle`, `delete-wallet-payment` and `verbose` option, by motorina0 in https://github.com/lnbits/lnbits/pull/2354
* feat: add `mark-payment-pending` command by motorina0 in https://github.com/lnbits/lnbits/pull/2355
* feat: remove `--auto-fix` option from `check-payments` by motorina0 in https://github.com/lnbits/lnbits/pull/2359
* feat: extra log by motorina0 in https://github.com/lnbits/lnbits/pull/2360
* hotfix: initial currency conversion on balance by dni in https://github.com/lnbits/lnbits/pull/2346
* bug: When "expiry" is null, do not display "expiry" in payment details by dethos in https://github.com/lnbits/lnbits/pull/2349
* feat: complete use of `LNBITS_EXTENSIONS_DEACTIVATE_ALL` by dni in https://github.com/lnbits/lnbits/pull/2341
* chore: update to node 20.x on workflows by dni in https://github.com/lnbits/lnbits/pull/2364
* bug: releasing docker image had invalid credentials by dni in https://github.com/lnbits/lnbits/pull/2365
* ci: run jmeter only if linting passes to save resources by dni in https://github.com/lnbits/lnbits/pull/2366
* bug: show extensions in frontend had wrong boolean by dni in https://github.com/lnbits/lnbits/pull/2370
* bug: frontend some v-text missing by talvasconcelos in https://github.com/lnbits/lnbits/pull/2372
* feat: improve on api structure, add openapi tags by dni in https://github.com/lnbits/lnbits/pull/2295
* simplify description in i18n by prusnak in https://github.com/lnbits/lnbits/pull/2356
* [test] add jmeter tests to install and enable all vetted extensions by motorina0 in https://github.com/lnbits/lnbits/pull/2371
* test: run jmeter test from `lnbits-extensions` repo by dni in https://github.com/lnbits/lnbits/pull/2374
* test: remove warnings for `TemplateResponse` by dni in https://github.com/lnbits/lnbits/pull/2368
* docs: improves readme by arcbtc in https://github.com/lnbits/lnbits/pull/2367
* chore: typo in function name `nofiy_upgrade` by dni in https://github.com/lnbits/lnbits/pull/2383
* chore: fix some typos for docs by redistay in https://github.com/lnbits/lnbits/pull/2384
* chore: adhere to ruff's `A` by dni in https://github.com/lnbits/lnbits/pull/2380
* chore: update black, security warning by dni in https://github.com/lnbits/lnbits/pull/2387
* chore: fix `pycryptodomex` security issue by dni in https://github.com/lnbits/lnbits/pull/2388
* chore: adhere to ruff's `C` by dni in https://github.com/lnbits/lnbits/pull/2379
* docs: improve installation for none ubuntu by dni in https://github.com/lnbits/lnbits/pull/2386
* fix: remove trailing slash from admin.js by dni in https://github.com/lnbits/lnbits/pull/2391
* refactor: use new fastapi lifespan instead of startup/shutdown events by dni in https://github.com/lnbits/lnbits/pull/2294
* test: make nice pytest reports on github by dni in https://github.com/lnbits/lnbits/pull/2376
* feat: active state for manage menu items by dni in https://github.com/lnbits/lnbits/pull/2392
* doc: add hint to configure reverse proxy in `.env.template` by dni in https://github.com/lnbits/lnbits/pull/2393
* test: add unit tests for wallets (funding sources) by motorina0 in https://github.com/lnbits/lnbits/pull/2363
* test: add tests for alby by motorina0 in https://github.com/lnbits/lnbits/pull/2390
* fix: improve on check_fundingsource retries by dni in https://github.com/lnbits/lnbits/pull/2400
* chore: update lnbits to 0.12.5 by dni in https://github.com/lnbits/lnbits/pull/2401

New Contributors
* redistay made their first contribution in https://github.com/lnbits/lnbits/pull/2384

**Full Changelog**: https://github.com/lnbits/lnbits/compare/0.12.4...0.12.5

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application