Skip to content

GitLab

Trac
Trac

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed (moved)
Opened by teor@teor

Require Twisted 20.3.0 in gettor's requirements.txt

Twisted has a HTTP request splitting vulnerability, GetTor is probably affected.

Please update your requirements.txt to depend on Twisted 20.3.0 or later. (And any downstream packages.)

The GitHub alert is: https://github.com/torproject/gettor/network/alert/requirements.txt/Twisted/open

The relevant CVEs are: CVE-2020-10108 https://github.com/advisories/GHSA-h96w-mmrf-2h6v CVE-2020-10109 https://github.com/advisories/GHSA-p5xh-vx83-mxcj

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information