Bump Paramiko version requirement

Paramiko 3.4.0 and later addresses the "Terrapin" vulnerability (CVE-2023-48795, CVE-2023-46445, CVE-2023-46446). Update the requirements list accordingly.
hastexo · Apr 29, 2024 · 9d477f9 · 9d477f9
1 parent daa24bc
commit 9d477f9
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 2 deletions.
diff --git a/Changelog.md b/Changelog.md
@@ -1,3 +1,7 @@
+Unreleased
+-------------------------
+* [Enhancement] Update to a newer Paramiko version.
+
 Version 7.10.1 (2024-04-23)
 -------------------------
 * [Bug fix] Stop installing the XBlock in editable mode with `-e .`

diff --git a/requirements/base.txt b/requirements/base.txt
@@ -9,7 +9,7 @@ osc-lib>=1.2.0,<2
 os-client-config>=1.28.0,<2
 oslo.serialization>=2.28.1,<3
 oslo.utils>=3.37.1,<4
-paramiko>=2.10.1,<2.11
+paramiko>=3.4.0
 pymongo<4
 python-heatclient>=1.6.1,<2
 python-keystoneclient>=3.17.0,<3.22

diff --git a/setup.py b/setup.py
@@ -58,7 +58,7 @@ def package_data(pkg, roots):
     install_requires=[
         'apscheduler<3.8',
         'google-api-python-client<1.8',
-        'paramiko<2.11',
+        'paramiko',
         'python-heatclient<2',
         'python-keystoneclient<3.22',
         'python-novaclient<16',