Skip to content

3.2.0: Additional Updates on top of 3.1.0

Latest
Latest
Compare
Choose a tag to compare
@ckunki ckunki released this 16 Jan 15:49
· 5 commits to main since this release
3.2.0
ac01e5b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Summary

This release updates dependencies and fixes security vulnerabilities on top of 3.1.0.

Fixed vulnerabilities:

  • Vulnerabilities in direct dependency jinja2 version 3.1.4
    • #50 Moderate: Jinja has a sandbox breakout through malicious filenames Moderate
    • #49 Moderate: Jinja has a sandbox breakout through indirect reference to format method Moderate
  • Vulnerabilities in transitive dependency ansible-core via ansible:
    • #44 Moderate, affects versions < 2.17.6, ansible-core Incorrect Authorization vulnerability Moderate
    • #47 Low, affects versions < 2.17.7: Ansible-Core vulnerable to content protections bypass Low
  • Vulnerabilities in transitive testing dependency tornado version 6.4.1 via pytest-check-links, nbconvert, nbclient, jupyter-client:
    • #46 High: Tornado has an HTTP cookie parsing DoS vulnerability High

Accepted vulnerabilities:

  • Vulnerabilities in transitive testing dependency python-jose version 3.3.0 via localstack as there is no newer version available.
    • #31 Critical: python-jose algorithm confusion with OpenSSH ECDSA keys Critical
    • #32 Moderate: python-jose denial of service via compressed JWE content Moderate
  • Vulnerabilities in transitive dependency ansible-core 2.17.7 version via ansible as there is no newer version available.
    • #43 High: Ansible vulnerable to Insertion of Sensitive Information into Log File High

Security Issues

  • #346: Dependency upgrade

Refactorings

  • #333: Added project short tag in notebook tests
  • #339: Improved error reporting when the DockerDB doesn't start properly.

Bug Fixes

  • #335: Fixed DNS resolution in ITDE when running jupyter notebook tests
  • #342: Updated the jupysql dependency to resolve the conflict with prettytable

AMI Region availability

The AMI is currently only available in the AWS region eu-central-1. If you want to use the image in another region, you need to copy it before. Check the AWS documentation for details about how to copy the image.

Docker Images

docker pull exasol/ai-lab:3.2.0

AMI Images (Filter=3.2.0)

Image ID Name Description Public Image Location Creation Date State Asset-Tag-Value
0 ami-0f3337e5be187bc43 Exasol-AI-Lab-3.2.0 Image Description yes 561494727831/Exasol-AI-Lab-3.2.0 2025-01-16T12:34:08.000Z available 3.2.0

VM Images, Prefix=ai_lab/3.2.0)

Key Size URL
0 ai_lab/3.2.0/exasol-ai-lab-3.2.0.vhd 15.33 GB https://d3adquuoo89zuc.cloudfront.net/ai_lab/3.2.0/exasol-ai-lab-3.2.0.vhd
1 ai_lab/3.2.0/exasol-ai-lab-3.2.0.vmdk 10.67 GB https://d3adquuoo89zuc.cloudfront.net/ai_lab/3.2.0/exasol-ai-lab-3.2.0.vmdk
Assets 3
Loading