Safety vulnerability ID: 71126
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Openbb version 4.2.0 updates its `aiohttp` dependency from `^3.9.0` to `^3.9.5` to address the security vulnerability identified as CVE-2024-27306. This update ensures enhanced security and stability by incorporating the necessary fixes from the newer version of the `aiohttp` library.
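The constraint change described above, worked through as an added example (not code from OpenBB or from this advisory): it expands Poetry-style caret constraints and lists which pinned versions the old `^3.9.0` accepted but the new `^3.9.5` rejects. The `name==version` pin format and the sample pins are constructed for illustration, and pre-release tags are not handled.

```python
import re

def parse(version):
    """Parse a dotted numeric version such as '3.9.5' into a tuple of ints."""
    return tuple(int(part) for part in version.split("."))

def caret_range(spec):
    """Return (low, high) for a caret constraint, meaning low <= v < high."""
    given = parse(spec.lstrip("^"))
    # The upper bound bumps the left-most non-zero component; if every given
    # component is zero, the last given component is bumped instead.
    idx = next((i for i, part in enumerate(given) if part), len(given) - 1)
    high = given[:idx] + (given[idx] + 1,)
    pad = lambda t: t + (0,) * (3 - len(t))
    return pad(given), pad(high)

def satisfies(version, spec):
    low, high = caret_range(spec)
    return low <= parse(version) < high

def audit(pins, package, old_spec, new_spec):
    """Versions of `package` that old_spec allowed but new_spec no longer allows."""
    stale = []
    for line in pins:
        m = re.fullmatch(r"\s*([A-Za-z0-9_.-]+)==(\d+(?:\.\d+)*)\s*", line)
        if not m or m.group(1).lower() != package:
            continue
        version = m.group(2)
        if satisfies(version, old_spec) and not satisfies(version, new_spec):
            stale.append(version)
    return stale

# Constructed sample pins, e.g. lines taken from several exported lock files.
SAMPLE_PINS = [
    "aiohttp==3.9.0",
    "aiohttp==3.9.3",
    "aiohttp==3.9.5",
    "aiohttp==3.10.2",
    "requests==2.31.0",
    "aiohttp==4.0.0",
]

if __name__ == "__main__":
    print(caret_range("^3.9.0"), caret_range("^3.9.5"))
    print(audit(SAMPLE_PINS, "aiohttp", "^3.9.0", "^3.9.5"))
```

Both constraints share the same upper bound, so the only effect of the change is to raise the minimum resolvable version; an environment locked before the update can still carry an older pin until it is re-resolved.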
Latest version: 4.3.4
Investment research for everyone, anywhere.
What's New in This Release
Legacy Code Removal
Legacy Code Removal: We removed the legacy OpenBB Terminal code. Don't worry, you can still access this legacy code! It's safely archived in our [Legacy Terminal Repository](https://github.com/OpenBB-finance/LegacyTerminal) and preserved in the git history for any nostalgic devs.
License Transition
AGPL License Adoption: We've upgraded to the AGPL license to better align with our community's values and future goals. Learn more by checking out our insightful [blog post](https://openbb.co/blog/license-change-openbb-platform-goes-agpl) and our detailed [licensing FAQ](https://docs.openbb.co/platform/licensing).
Security Improvements
Major Security Upgrade: With the legacy code in the rearview, we've upgraded our defenses. This major security enhancement ensures that your experience on the OpenBB Platform is safer and more secure than ever.
OpenBB Platform Enhancements
Release 4.2.0 introduces a number of features and improvements to OpenBB Platform. Web security has been enhanced by updating frontend components and dependencies to patched versions. The OpenBB Platform CLI's testing coverage has been expanded through the addition of unit tests and the update of GitHub workflows.
The release also brings new enhancements to the 'reference.json'. Now, custom provider choices are available in the reference, which can be leveraged by clients for diverse purposes. Additional functionalities include Forward PE estimates to the equity.estimates router, update to the CLI README documentation, and removal of old code.
A notable feature is the creation of a 'repo assets directory'. The intention behind this is to define instructions and credentials in the Provider class to avoid downstream applications scraping the repo and potentially encountering randomly deleted files.
- Improve web security piiq (6405)
- [Feature] OpenBB Platform CLI Unit tests IgorWounds (6397)
- [Feature] Custom Provider choices available on the `reference.json` hjoaquim (6409)
- [Feature] Add Forward PE Estimates deeleeramone (6398)
- [Feature] CLI README hjoaquim (6402)
- remove hold command and its references hjoaquim (6399)
- Security updates piiq (6387)
- [Feature] Create repo assets directory montezdesousa (6384)
- [Feature] Fallback to to\_df() method when results are a string hjoaquim (6388)
- [Feature] Update chart creation so it doesn't break the command execution hjoaquim (6382)
- [Feature] Redefined standard fields \& multiple\_items\_allowed property changes montezdesousa (6377)
- [Feature] EconDB Main Indicators deeleeramone (6365)
- Move files used in gh actions from root montezdesousa (6346)
- [Feature] Summarize Changelog IgorWounds (6335)
- [Feature] Warn limit number of countries in TE request hjoaquim (6334)
- [Feature] Polygon Currency Snapshots deeleeramone (6333)
- [Feature] Main README hjoaquim (6403)
- [Feature] Adds Platform images hjoaquim (6410)
- [Feature] Styling adjustments hjoaquim (6408)
- [BugFix] Fix broken `--sheet-name` argument hjoaquim (6401)
- [Feature] Update CLI dependencies hjoaquim (6389)
- [Feature] Remove i18n hjoaquim (6390)
- [Feature] Misc improvements on the Platform CLI hjoaquim (6370)
- Sync main and develop piiq (6373)
- [Feature] Handle repeated non standard arguments hjoaquim (6366)
- [Feature] Improve `OBBject` Registry hjoaquim (6364)
- [Enhancement] - Sanitize sensitive data from `.cli.his` IgorWounds (6361)
- [Feature] Display command providers montezdesousa (6355)
- [Feature] Named tables on CLI hjoaquim (6356)
- [Feature] Rename terminal folder montezdesousa (6349)
- Move linting rules from pyproject.toml to ruff.toml montezdesousa (6350)
OpenBB Platform Bug Fixes
The new release corrects a variety of bugs. Key corrections include updating GitHub workflows, replacing python-jose by PyJWT due to security concerns, fixing errors in the Econ Calendar, making `paper_bgcolor` transparent in the PyWry backend, and exposing error messages on request failure in AV Historical EPS. Auxiliary corrections include case-insensitive credentials, and more. Additional testing was done to ensure the proper functioning of these corrections.
- [BugFix] Update GitHub workflows montezdesousa (6418)
- [HotFix] Fix missed unit\_measurements deeleeramone (6416)
- [BugFix] Replace python-jose by PyJWT montezdesousa (6407)
- [BugFix] Econ Calendar deeleeramone (6392)
- [BugFix] Make `paper_bgcolor` transparent in PyWry backend deeleeramone (6385)
- [BugFix] AV Historical EPS - Expose Error Message On Request Fail deeleeramone (6406)
- [BugFix] Explicit error message when return type is not an OBBject IgorWounds (6394)
- [BugFix] Remove logos montezdesousa (6404)
- [BugFix] Case insensitive credentials montezdesousa (6400)
- [BugFix] Remove unused old code IgorWounds (6395)
- [BugFix] Fix FMP Currency/Crypto Historical Prices deeleeramone (6383)
- [BugFix] Update SEC pyproject.toml deeleeramone (6379)
- [BugFix] Fix Currency Search deeleeramone (6380)
- [BugFix] Treasury Rates Pandas Warnings deeleeramone (6375)
- [BugFix] Add 'x-' to json\_schema\_extra in Fields with unit\_measurement deeleeramone (6376)
- [BugFix] Fix tests for release IgorWounds (6372)
- [BugFix] Fix lowercase symbols IgorWounds (6342)
- [BugFix] Set Chart Style Before Output deeleeramone (6367)
- [BugFix] Remove `Literal[None,...]` hjoaquim (6371)
- [BugFix] SEC ETF Holdings - Try Catch for RemoteDisconnect Error deeleeramone (6359)
- [BugFix] Remove multiple .envs montezdesousa (6363)
- [BugFix] hjoaquim (6360)
- [BugFix] Intrinio EquityPriceHistorical - Return Error Message When Invalid Key deeleeramone (6357)
- [BugFix] Empty views on `econometrics` and `quantitative` hjoaquim (6353)
- [BugFix] Empty views on the CLI hjoaquim (6351)
- [BugFix] Filtered provider arguments hjoaquim (6348)
- Clean .gitignore montezdesousa (6347)
- [BugFix] Intrinio Balance Sheet Period deeleeramone (6343)
- [BugFix] fix the dependencies issues on the changelog summary workflow luqmanbello (6341)
- [BugFix] Correct the filename of the `summarize_changelog.py` file luqmanbello (6338)
- [BugFix] Intrinio News deeleeramone (6336)
- [BugFix] Sync ruff in dev\_tools with openbb\_core montezdesousa (6331)
OpenBB Documentation Changes
In this new release, several updates were made across various areas including licensing, package upgrades, and documentation changes. The license for the codebase is now AGPL, with a dedicated FAQ page for licensing added to platform documentation. The CLI Installation Pre-Requisites now include guidelines for Linux, while new pages have been created for CLI docs in keeping with the familiar Terminal structure. Docusaurus was upgraded to v3 for improved security and new features. The discontinued OpenBB Terminal was removed from the main docs page and relocated under the Legacy section. Specifics on these changes can be found in the detailed changelog.
- Update the license of the code in this repo to AGPL piiq (6415)
- [HotFix] Add Linux instructions to CLI Installation Pre-Requisites deeleeramone (6411)
- [Feature] CLI docs hjoaquim (6362)
- [BugFix] Fix Excel Data Slicer page. IgorWounds (6396)
- [Docs] Upgrade Docusaurus to v3 Disorrder (6386)
- [Docs] Remove OpenBB Terminal from docs page IgorWounds (6354)
- [Docs] Update excel docs montezdesousa (6329)
- [Docs] Update excel docs montezdesousa (6328)
We are proud of our community contributors and staunch supporters of open-source ecosystems.
Help us promote our community by tagging `openbb_finance` on X with a link to your pull request,
and join our Discord server to chat about your contribution! We want to hear about your experience!