Merge pull request #53 from dimagi/dm/cve-2019-19118

Comment about CVE-2019-19118
dimagi · Dec 5, 2019 · 542e9be · 542e9be
2 parents 82cc103 + 02169c6
commit 542e9be
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/setup.py b/setup.py
@@ -32,6 +32,8 @@ def get_readme():
     packages=find_packages(),
     zip_safe=False,
     install_requires=[
+        # avoid django>=2.1.0,<2.1.15,>=2.2.0,<2.2.8 due to CVE-2019-19118
+        # https://github.com/advisories/GHSA-hvmf-r92r-27hr
         'django>=1.8,<2.1',
         'jsonfield>=1.0.3',
         'simplejson',