Google Git
Sign in
gerrit / gerrit-release-tools / 63ead02abc13e6db8093cead2d89a9f715ff1447
commit63ead02abc13e6db8093cead2d89a9f715ff1447[log] [tgz]
authorDavid Pursehouse <dpursehouse@collab.net>Mon Nov 05 19:50:13 2018 +0900
committerDavid Pursehouse <dpursehouse@collab.net>Mon Nov 05 19:50:13 2018 +0900
treefa517020fc198a154fdc92e52aa80ac8ac24d4ce
parent1e560174afea6600dc43a02fcb1bbaca53e73533 [diff]
CVE-2018-18074: Upgrade requests to 2.19.1

Fixes CVE-2018-18074 [1]:

  The Requests package through 2.19.1 before 2018-09-14 for Python
  sends an HTTP Authorization header to an http URI upon receiving
  a same-hostname https-to-http redirect, which makes it easier for
  remote attackers to discover credentials by sniffing the network.

[1] https://nvd.nist.gov/vuln/detail/CVE-2018-18074

Change-Id: I064de6beb227e40ae4904e1bd23b297da9626f49
1 file changed
tree: fa517020fc198a154fdc92e52aa80ac8ac24d4ce
  1. Pipfile
  2. Pipfile.lock
  3. README.md
  4. release-announcement-template.txt
  5. release-announcement.py
README.md

Gerrit release tools

This repository contains tools to support Gerrit release management. The tools can be used standalone, independent of the gerrit branch checked out.

Prerequisites

It is assumed that pip and pipenv are installed.

Installation

Installation is as simple as cloning the repository:

  git clone https://gerrit.googlesource.com/gerrit-release-tools

and then installing the dependencies with pipenv:

  cd gerrit-release-tools
  pipenv install

Usage

To use the tools the environment must be activated:

  pipenv shell

Refer to the individual tools' help for further details.