Replace "passlib" with direct calls to bcrypt #304
LilDojd added a commit to LilDojd/alchemiscale that referenced this issue Sep 18, 2024
fixes OpenFreeEnergy/alchemiscale/OpenFreeEnergy#304
dotsdl added this to the Release 0.5.2 - py2neo+grolt updates for newer Neo4j milestone Sep 20, 2024
Description:

It has come to my attention that `passlib` is no longer actively maintained, with the last release dating back to 2020. This raises concerns about potential CVEs and long-term compatibility.

Furthermore, when using `bcrypt` versions higher than 4.0.1, I encountered an issue similar to pyca/bcrypt#684. This suggests that `passlib` may not be compatible with the latest versions of `bcrypt` that are installed with conda in your environments.

Pinning `bcrypt` to version 4.0.1 is not a sustainable solution, as it could expose users to future security vulnerabilities that are addressed in newer releases.

Proposal:

I recommend replacing the usage of `passlib` with the bcrypt library directly. I will draft a PR shortly. This is not a high priority issue, so feel free to triage as you please.

References: