chore: Bump up version to 3.6.2

healthjoy · Mar 1, 2024 · 4527f06 · 4527f06
1 parent ad1fc2a
commit 4527f06
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/CHANGES.md b/CHANGES.md
@@ -1,4 +1,11 @@
 # Changelog
+## 3.6.2
+* Resolve a couple of security concerns by updating `cryptography` package to `42.0.4`.
+  * [High] cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override
+  * [High] Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
+  * [Moderate] Null pointer dereference in PKCS12 parsing
+  * [Moderate] cryptography vulnerable to NULL-dereference when loading PKCS7 certificates
+
 ## 3.6.1
 * Remove unintended quoting of the column char in the API URLs
 

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "async-firebase"
-version = "3.6.1"
+version = "3.6.2"
 description = "Async Firebase Client - a Python asyncio client to interact with Firebase Cloud Messaging in an easy way."
 license = "MIT"
 authors = [