Elgato_dark/ragflow
1
0
Fork 0
mirror of https://github.com/infiniflow/ragflow synced 2026-05-24 09:39:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
ragflow/sdk/python
History
guptas6est aa57bcf92a
fix: upgrade urllib3 to 2.6.3 to resolve CVE-2025-66418, CVE-2025-66471, CVE-2026-21441 (#13423) 
### What problem does this PR solve?

This PR remediates three HIGH severity vulnerabilities in urllib3
affecting the admin client and Python SDK:
- **CVE-2025-66418**: Unbounded decompression chain leads to resource
exhaustion
- **CVE-2025-66471**: Streaming API improperly handles highly compressed
data
- **CVE-2026-21441**: Decompression-bomb safeguard bypass when following
HTTP redirects
Trivy security scan identified urllib3 v2.5.0 as vulnerable in both
`admin/client/uv.lock` and `sdk/python/uv.lock`. This PR updates urllib3
to v2.6.3 to eliminate these security risks.

### Type of change

- [x] Bug Fix (non-breaking change which fixes an issue)
2026-03-06 09:29:10 +08:00
..
ragflow_sdk Fix/13142 auto metadata (#13217) 2026-02-26 10:25:48 +08:00
test Fix (api): fix the document parsing status check logic (#12504) 2026-02-28 14:38:55 +08:00
hello_ragflow.py Update comments (#4569) 2025-01-21 20:52:28 +08:00
pyproject.toml Docs: Update version references to v0.24.0 in READMEs and docs (#13095) 2026-02-10 17:24:03 +08:00
uv.lock fix: upgrade urllib3 to 2.6.3 to resolve CVE-2025-66418, CVE-2025-66471, CVE-2026-21441 (#13423) 2026-03-06 09:29:10 +08:00