The aiohttp packages older than 3.9.0 are affected by the following CVE. Releases 1.40.0 and earlier are vulnerable if the local aiohttp package installed was not at least 3.9.0.
Meraki release 1.40.1 includes updated requirements stipulating aiohttp package 3.9.0 or later, resolving this issue.
It's recommended that all customers upgrade to 1.40.1.
For more information, please reference CVE-2023-49081
The aiohttp packages older than 3.9.0 are affected by the following CVE. Releases 1.40.0 and earlier are vulnerable if the local aiohttp package installed was not at least 3.9.0.
Meraki release 1.40.1 includes updated requirements stipulating aiohttp package 3.9.0 or later, resolving this issue.
It's recommended that all customers upgrade to 1.40.1.
For more information, please reference CVE-2023-49081