Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update certifi to version >= 2024.7.4 #2046

Closed
MakZer0 opened this issue Nov 19, 2024 · 2 comments
Closed

Update certifi to version >= 2024.7.4 #2046

MakZer0 opened this issue Nov 19, 2024 · 2 comments
Assignees
@dmurphy18
Labels
Info Needed

Comments

@MakZer0
Copy link

MakZer0 commented Nov 19, 2024

Hi,

Salt-Bootstrap uses certifi v2023.7.22 as a dependency.
Due to multiple Issues with versions prior to 2024.7.4 we're getting a lot of hits on vulnerability scanners in our environment.
Mainly due to untrusted certificates.
GHSA-248v-346w-9cwc

Are there any plans to update this dependency?
@dmurphy18 dmurphy18 self-assigned this Dec 12, 2024
@dmurphy18
Copy link
Contributor

@MakZer0 Can you please provide more information about your system, for example: OS, ca-certificates on the system etc.

The bootstrap script leverages the ca-certificates that come with the system, and does not explicitly come with it's own ca-certificate. I suggest you examine your system for the ca-certificates used, for example: RedHat family

__yum_install_noinput ca-certificates || return 1

The script is using that which is on the system.

@dmurphy18
Copy link
Contributor

Closing this since answer given and related to user's version of OS and what is installed on it, independent of bootstrap script.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dmurphy18 dmurphy18

Labels
Info Needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dmurphy18 @MakZer0