Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=scarthgap 2026-01-26T04:34:45+00:00 2026-01-26T04:34:45+00:00 Gyorgy Sarvari skandigraun@gmail.com 2026-01-23T17:02:15+00:00 urn:sha1:fbe5524dc822317c1a4b7aad566a6dae5657cb22 Contains a fix for CVE-2024-6221 (related patch dropped) and CVE-2024-1681 Changelog: 4.0.1: - Fix Read the Docs builds - Update extension.py to clean request.path before logging it - Update CI to include Python 3.12 and flask 3.0.3 4.0.2: - Bump requests from 2.31.0 to 2.32.0 in /docs - Backwards Compatible Fix for CVE-2024-6221 - Add unit tests for Private-Network Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2024-09-09T19:14:48+00:00 Soumya Sambu soumya.sambu@windriver.com 2024-09-03T12:52:59+00:00 urn:sha1:f88706fe2f81f7ec6c98e6313acbefc89370bcb5 A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions. References: https://nvd.nist.gov/vuln/detail/CVE-2024-6221 Upsteam-Patch: https://github.com/corydolphin/flask-cors/commit/7ae310c56ac30e0b94fb42129aa377bf633256ec Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2023-09-30T08:03:17+00:00 Derek Straka derek@asterius.io 2023-09-29T22:00:09+00:00 urn:sha1:6c29bdf1fd5edeea789b891f7bffcd4c07329f39 Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Khem Raj <raj.khem@gmail.com>