Merge pull request #95 from pinterest/cryptography-2.3.1

Upgrade to cryptography 2.3.1
2018-10-31 12:51:05 -05:00 · 2018-10-31 12:51:05 -05:00 · 7eee21f413
commit 7eee21f413
parent 06149b81e8 30db653f14
3 changed files with 7 additions and 2 deletions
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@ -1,3 +1,8 @@
+Version 1.4.1
+-------------
+ * Upgraded cryptography to 2.3.1 (for CVE-2018-10903, although snappass is
+   unaffected because it doesn't use the vulnerable ``finalize_with_tag`` API)
+
 Version 1.4.0
 -------------
 *You will lose stored passwords during the upgrade to this version*
--- a/requirements.txt
+++ b/requirements.txt
@ -4,5 +4,5 @@ MarkupSafe==1.0
 Werkzeug==0.14.1
 itsdangerous==0.24
 redis==2.10.6
-cryptography==2.2.2
+cryptography==2.3.1
 mock==2.0.0
--- a/setup.py
+++ b/setup.py
@ -2,7 +2,7 @@ from setuptools import setup

 setup(
    name='snappass',
-    version='1.4.0',
+    version='1.4.1',
    description="It's like SnapChat... for Passwords.",
    long_description=(open('README.rst').read() + '\n\n' +
                      open('AUTHORS.rst').read()),