From 55bf41f7f6b0cb758ffd841957e3f538ce803718 Mon Sep 17 00:00:00 2001 From: Iain Powrie Date: Sun, 12 Dec 2021 15:08:35 +0000 Subject: [PATCH 1/2] Apply vulnerability patch to mitigate CVE-2021-44228 --- Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Dockerfile b/Dockerfile index 7e7c2ca0..c27176df 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,6 +2,9 @@ FROM python:alpine LABEL maintainer="Dockerfile created by Zedifus " +# Security Patch for CVE-2021-44228 +ENV LOG4J_FORMAT_MSG_NO_LOOKUPS=true + # Install Packages, Build Dependencies & Garbage Collect & Harden # (Alpine Edge repo is needed because jre16 is new) COPY requirements.txt /commander/requirements.txt From 39edd9c85053b575605cff13564ae440fe44ed73 Mon Sep 17 00:00:00 2001 From: Zedifus Date: Wed, 26 Jan 2022 02:42:37 +0000 Subject: [PATCH 2/2] Fix Duplicate encoding argument on windows migration read --- app/classes/shared/migration.py | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/app/classes/shared/migration.py b/app/classes/shared/migration.py index fc2733f7..202bf027 100644 --- a/app/classes/shared/migration.py +++ b/app/classes/shared/migration.py 
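Review bot: The comment above `ENV LOG4J_FORMAT_MSG_NO_LOOKUPS=true` reads as if the image were patched, but this variable is only a partial mitigation: it is honoured by Log4j 2.10 and later only, and the Log4j project has since described it as insufficient on its own. It also reaches only JVMs that inherit the container environment, and the vulnerable library is whatever Log4j version ships inside the Java applications this image runs, which the Dockerfile does not control. I would reword the comment to something like `# Partial mitigation for CVE-2021-44228 (Log4j >= 2.10 only); the Log4j bundled in each Java application must still be upgraded`, and keep the ENV line as defence in depth.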
@@ -392,17 +392,15 @@ class MigrationManager(): """ Reads a migration from a file. """ - call_params = {} if helper.is_os_windows() and sys.version_info >= (3, 0): # if system is windows - force utf-8 encoding - call_params['encoding'] = 'utf-8' - with open(os.path.join(helper.migration_dir, name + '.py'), **call_params, encoding='utf-8') as f: - code = f.read() - scope = {} - code = compile(code, '', 'exec', dont_inherit=True) - # pylint: disable=exec-used - exec(code, scope, None) - return scope.get('migrate', lambda m, d: None), scope.get('rollback', lambda m, d: None) + with open(os.path.join(helper.migration_dir, name + '.py'), encoding='utf-8') as f: + code = f.read() + scope = {} + code = compile(code, '', 'exec', dont_inherit=True) + # pylint: disable=exec-used + exec(code, scope, None) + return scope.get('migrate', lambda m, d: None), scope.get('rollback', lambda m, d: None) def up_one(self, name: str, migrator: Migrator, fake: bool = False, rollback: bool = False) -> str:
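Review bot: The `if helper.is_os_windows() and sys.version_info >= (3, 0):` line stays as context while its only body statement, `call_params['encoding'] = 'utf-8'`, is removed, so the `with open(...)` block appears to have become the body of that `if`. Indentation is not visible on this page, but every line down to `return` is removed and re-added with identical text, which fits a re-indent; if so, on any non-Windows host the method would fall through and return `None` instead of the `(migrate, rollback)` pair. Since `encoding='utf-8'` is now passed unconditionally, the condition and its comment can be dropped and the `with` block kept at method level. Separately, this method passes the contents of `<name>.py` under `helper.migration_dir` to `exec`, so a comment such as `# Executes the migration file as code: name must come from the trusted migration list, never from request input` would record the trust assumption. The method's signature is outside the hunk.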