
Flask security updates

I am getting GitHub alerts about the Flask stack version, some marked high severity. Would it be possible to update your Python 3.6 environment, at least, to upgrade Flask (>=1.0.0), Jinja2 (>=2.10.1) and Werkzeug (>=0.15.3)?

I realise I could run my own virtual env, but one of the attacks is a memory-swelling DoS which could bring down other PA users.
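An added example, not part of the thread above and not PythonAnywhere's own tooling: a small stand-alone script that checks whether the Flask, Jinja2 and Werkzeug in the current interpreter meet the minimum versions the post asks for. It uses only the standard library (`importlib.metadata` on Python 3.8+, falling back to setuptools' `pkg_resources` on 3.6/3.7, which is an assumption about what the older environment has installed). The version comparison is a deliberately simple parser for release numbers with an optional dev/a/b/rc suffix; it is not a full PEP 440 implementation.

```python
"""Audit the Flask stack in this environment against the minimum versions
requested in the post: Flask >= 1.0.0, Jinja2 >= 2.10.1, Werkzeug >= 0.15.3.

Added example; standard library only. The pkg_resources fallback assumes
setuptools is present on Pythons older than 3.8.
"""
import re
import sys

try:
    from importlib.metadata import version as _dist_version
    from importlib.metadata import PackageNotFoundError as _NotFound
except ImportError:  # Python < 3.8: fall back to setuptools' pkg_resources
    from pkg_resources import get_distribution, DistributionNotFound as _NotFound

    def _dist_version(name):
        return get_distribution(name).version

# Minimum versions as stated in the post above.
MINIMUMS = {"Flask": "1.0.0", "Jinja2": "2.10.1", "Werkzeug": "0.15.3"}

_PRE_RANK = {"dev": 0, "a": 1, "b": 2, "rc": 3}
_VERSION_RE = re.compile(r"^\s*v?(\d+(?:\.\d+)*)(?:[-._]?(dev|a|b|rc)\.?(\d*))?")


def parse_version(text):
    """Turn '0.15.3' or '1.0.0rc1' into a comparable (release, pre) pair.

    Trailing zeros are stripped so that 1.0 == 1.0.0, and a pre-release
    (dev/a/b/rc) sorts below the corresponding final release.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError("unparseable version: %r" % (text,))
    release = [int(p) for p in m.group(1).split(".")]
    while len(release) > 1 and release[-1] == 0:
        release.pop()
    pre = m.group(2)
    if pre is None:
        pre_key = (1,)  # final release beats any pre-release of the same number
    else:
        pre_key = (0, _PRE_RANK[pre], int(m.group(3) or 0))
    return (tuple(release), pre_key)


def is_at_least(installed, minimum):
    """True if the installed version satisfies '>= minimum'."""
    return parse_version(installed) >= parse_version(minimum)


def find_outdated(installed, minimums=MINIMUMS):
    """installed maps package name -> version string, or None if missing.

    Returns {name: (installed_or_None, minimum)} for every package that is
    absent or older than required; an empty dict means the stack is fine.
    """
    outdated = {}
    for name, minimum in minimums.items():
        current = installed.get(name)
        if current is None or not is_at_least(current, minimum):
            outdated[name] = (current, minimum)
    return outdated


def installed_versions(names=MINIMUMS):
    """Read the versions actually importable from this interpreter."""
    found = {}
    for name in names:
        try:
            found[name] = _dist_version(name)
        except _NotFound:
            found[name] = None
    return found


if __name__ == "__main__":
    problems = find_outdated(installed_versions())
    for name, (have, need) in sorted(problems.items()):
        print("%s: have %s, need >= %s" % (name, have or "not installed", need))
    if not problems:
        print("Flask stack meets the requested minimums")
    sys.exit(1 if problems else 0)
```

Run it with the interpreter whose packages you care about (for example `python3.6 check_flask_stack.py` inside the virtualenv or the default environment); a non-zero exit status means at least one of the three packages is missing or too old, which makes it easy to drop into a deploy or CI step.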

Thanks for flagging this! We should be pushing out a new image soon (within the next month), which will be the default for all new users and will have an upgraded Flask/Jinja2/Werkzeug.

In general, our built-in sandboxing/memory control should protect vulnerable users from impacting others, though.