Package | Installed | Affected | Info |
---|---|---|---|
mkdocs-material | 8.2.12 | <9.5.5 | Mkdocs-material 9.5.5 includes a change in its dependency on Pillow. Previously set to approximately version 9.4, it has now been updated to version 10.22. This change was made in response to the security vulnerability identified as CVE-2023-504477. https://github.com/squidfunk/mkdocs-material/commit/fe11bc0cabd692d37bc4cc4e8034dbe6783ef36b |
mkdocs-material | 8.2.12 | <9.1.13 | Mkdocs-material 9.1.13 includes a fix for a race condition vulnerability: the social plugin triggers the race condition when downloading fonts. https://github.com/squidfunk/mkdocs-material/issues/5515 https://github.com/squidfunk/mkdocs-material/issues/5521 |
mkdocs-material | 8.2.12 | <9.5.32 | MkDocs Material addresses a reflected cross-site scripting (RXSS) vulnerability found in deep links within search results. |
wheel | 0.37.1 | <0.38.1 | Wheel 0.38.1 includes a fix for CVE-2022-40898: an issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker-controlled input to the wheel CLI. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages |
sqlparse | 0.4.2 | >=0.1.15,<0.4.4 | Sqlparse 0.4.4 includes a fix for CVE-2023-30608: the parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
sqlparse | 0.4.2 | <0.5.0 | Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
requests | 2.27.1 | <2.32.2 | In affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable certificate verification, all subsequent requests to the same host will continue to ignore certificate verification regardless of changes to the value of `verify`. This behavior persists for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with the CVE-2024-35195 mitigation. |
requests | 2.27.1 | <2.32.4 | Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
requests | 2.27.1 | >=2.3.0,<2.31.0 | Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information. |
pymdown-extensions | 9.4 | >=1.5,<10.0 | Pymdown-extensions 10.0 includes a fix for CVE-2023-32309: in affected versions an arbitrary file read is possible when using the include file syntax. Any readable file on the host where the plugin is executing may have its content exposed. This can impact any use of Snippets that exposes Snippets to external users. Users unable to upgrade may restrict relative paths by filtering input. https://github.com/facelessuser/pymdown-extensions/security/advisories/GHSA-jh85-wwv9-24hv |