Merge pull request #95 from pinterest/cryptography-2.3.1

jparise · web-flow · commit 7eee21f413d2 · 2018-10-31T12:51:05.000-05:00
Upgrade to cryptography 2.3.1
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -1,3 +1,8 @@
+Version 1.4.1
+-------------
+ * Upgraded cryptography to 2.3.1 (for CVE-2018-10903, although snappass is
+   unaffected because it doesn't use the vulnerable ``finalize_with_tag`` API)
+
 Version 1.4.0
 -------------
 *You will lose stored passwords during the upgrade to this version*
diff --git a/requirements.txt b/requirements.txt
@@ -4,5 +4,5 @@ MarkupSafe==1.0
 Werkzeug==0.14.1
 itsdangerous==0.24
 redis==2.10.6
-cryptography==2.2.2
+cryptography==2.3.1
 mock==2.0.0
diff --git a/setup.py b/setup.py
@@ -2,7 +2,7 @@
 
 setup(
     name='snappass',
-    version='1.4.0',
+    version='1.4.1',
     description="It's like SnapChat... for Passwords.",
     long_description=(open('README.rst').read() + '\n\n' +
                       open('AUTHORS.rst').read()),
