CVE-2018-18074

Advisory

Kytos 2019.1b1 updates its dependency 'requests' to v2.21.0 to include a security fix.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

**************************************

Added
=====
- Added vlan_pool configuration on kytos.conf to support mef_eline. Now you
can configure available vlans per interface
- Added documentation to describe how to create a Meta Napp
- Added documentation about Unit Tests

Changed
=======
- Updated documentation to install python-openflow, kytos-utils and kytos in
that order
- Updated documentation to use pip3 instead pip
- Link id is now based on endpoints hashes, instead of a random uuid. This
fixes 875

Deprecated
==========

Removed
=======
- Removed circular dependency of kytos-utils
- Removed unnecessary comparison on interfaces if they are on the same switch

Fixed
=====
- Fixed type declaration that broke sphinx-build
- Fixed some linter issues
- Fixed NApps settings reload. Now when you change a NApp settings the reload
it will work

Security
========
- Updated pyyaml and requests requirements versions, in order to fix
vulnerabilities

Resources

• https://pypi.org/project/kytos
• https://pyup.io/changelogs/kytos/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18074