Upgrade to use python package cryptography 43 #692

Closed
fmorriso opened this issue Aug 13, 2024 · 10 comments
Labels
SDK Issue pertains to the SDK itself and not specific to any service

Comments

fmorriso commented Aug 13, 2024

Please upgrade your Python SDK to use Python package cryptography >= 43.

Every time I upgrade packages for my Python project, I have to back-level cryptography to < 43 as shown below:

pip install "cryptography<43"

It would be nice if you would upgrade oci to use cryptography>=43 to alleviate me having to constantly downgrade to < 43.

sodul commented Aug 21, 2024

The upper limits are counterproductive for requirements; they should only be set if there are known compatibility issues.

@fmorriso
Author

sodul: when using some db packages like pymongo or sqlite, OCI chokes if cryptography >= 43.

sodul commented Aug 22, 2024

Interesting, so the bug is that there are actual compatibility issues between OCI, pymongo and newer cryptography. Is this documented/tracked?

I noticed #681 but there is no mention of the problem there.

@gshamgar-r7

This is a must due to this security issue: https://security.snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-7886970

jyotisaini added the "SDK" label (Issue pertains to the SDK itself and not specific to any service) on Sep 9, 2024
@jyotisaini
Contributor

Thanks all for reporting this. My team is currently working on upgrading the cryptography pkg and I'll update here once we have it updated and released.

@vmsilvamolina

Hey @jyotisaini! I sent a PR about that a few weeks ago: #699. Can you approve it? Thanks!

@jyotisaini
Contributor

Hi @vmsilvamolina thanks for the PR. This has been fixed internally and will be released on 01/8.

@vmsilvamolina

Was it a typo? Could it be October 8? Thank you for your response!

@jyotisaini
Contributor

Sorry about that. I meant 10/8.

@bhagwatvyas
Member

This has been fixed in v2.135.2
