annotate scripts/Docker/requirements.txt @ 8356:63390dcfcfe9
bug: fix template use of structure with untrusted data
Looks like an XSS bug with an early version of the template that was
fixed in the code but never in the deployed tracker. It has been a
while since this particular construct has been in the classic template
which is the base for the tracker.
This has been fixed on the deployed tracker as well.
reported by 4bug of ChaMd5 Security Team H1 Group
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 08 Jul 2025 10:23:09 -0400 |
| parents | 61ffdc71cf46 |
| children | 2c59d8deb653 |
| rev | changeset | line source |
|---|---|---|
| 8115 | 61ffdc71cf46: chore: update to newest 3.12 alpine image | 1 # setuptools required for installation - missing from newer base images |
| 8115 | 61ffdc71cf46: chore: update to newest 3.12 alpine image | 2 setuptools |
| 6520 | 26babdf85067: issue2551163 - add starter docker | 3 # human timezones |
| 6520 | 26babdf85067: issue2551163 - add starter docker | 4 pytz |
| 6520 | 26babdf85067: issue2551163 - add starter docker | 5 # indexer |
| 6520 | 26babdf85067: issue2551163 - add starter docker | 6 Whoosh |
| 7315 | b8e88d4ca95b: Add redis library to docker image; mention xapian is installed | 7 # xapian is also installed |
| 6522 | e6ae8188f61a: issue2551163 Docker/containerization support | 8 # extra database support |
| 6522 | e6ae8188f61a: issue2551163 Docker/containerization support | 9 psycopg2 |
| 6522 | e6ae8188f61a: issue2551163 Docker/containerization support | 10 mysqlclient |
| 7315 | b8e88d4ca95b: Add redis library to docker image; mention xapian is installed | 11 redis |
| 6522 | e6ae8188f61a: issue2551163 Docker/containerization support | 12 # encryption |
| 6522 | e6ae8188f61a: issue2551163 Docker/containerization support | 13 gpg |
| 6520 | 26babdf85067: issue2551163 - add starter docker | 14 # java web tokens |
| 6522 | e6ae8188f61a: issue2551163 Docker/containerization support | 15 PyJWT |
| 6522 | e6ae8188f61a: issue2551163 Docker/containerization support | 16 # extra HTTP compression methods |
| 6522 | e6ae8188f61a: issue2551163 Docker/containerization support | 17 Brotli |
| 6522 | e6ae8188f61a: issue2551163 Docker/containerization support | 18 zstd |
| 7050 | | 19 # jinja2 template engine |
| | | 20 Jinja2 |
