[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Health-dev] HMIS running on outdated werkzeug in production?

From: Luis Falcon
Subject: Re: [Health-dev] HMIS running on outdated werkzeug in production?
Date: Thu, 31 Mar 2022 16:50:53 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.6.1

Hi there!

On 3/31/22 15:26, Gerald Wiese wrote:

this is about the version of werkzeug.

What about the documentation saying not to use werkzeug in production? Is this neglectable if putting a reverse proxy in front anyway or is this actually a problem and uWSGI or something should be put between reverse proxy and application?

Trytond kernel depends heavily on werkzeug... just doing a simple grep

14:from import safe_join
8:from werkzeug.wrappers import Response
9:from werkzeug.exceptions import (
13:from werkzeug.exceptions import abort
14:from werkzeug.wrappers import Response
14:from werkzeug.wrappers import Request as _Request, Response
15:from werkzeug.http import wsgi_to_bytes, bytes_to_wsgi
16:from werkzeug.datastructures import Authorization
17:from werkzeug.exceptions import abort, HTTPException
10:from werkzeug.wrappers import Response
11:from werkzeug.exceptions import (
7:from werkzeug.exceptions import abort
13:from werkzeug.exceptions import abort
14:from werkzeug.utils import redirect
15:from werkzeug.wrappers import Response
16:from werkzeug.wrappers import Response
17:from werkzeug.routing import Map, Rule, BaseConverter
18:from werkzeug.exceptions import abort, HTTPException, InternalServerError
20:    from werkzeug.middleware.proxy_fix import ProxyFix
27:    from werkzeug.contrib.fixers import ProxyFix as NumProxyFix
29:    from import safe_join
33:    from werkzeug.middleware.shared_data import SharedDataMiddleware
35:    from werkzeug.wsgi import SharedDataMiddleware
7:from werkzeug.wrappers import Response
8:from werkzeug.test import Client
8:from werkzeug.test import Client
9:from werkzeug.wrappers import BaseResponse
6:    from werkzeug.utils import cached_property
18:from werkzeug.utils import redirect
19:from werkzeug.wrappers import Response
20:from werkzeug.exceptions import (

So eliminating it at this point would be challenging. The idea on LTS versions is to focus on stability. Basically if it runs well, we'll wait until the next GH stable release to upgrade the Tryton kernel.

That said, at GNU Health we take security very seriously, and if there is a known security bug in the werkzeug version used with Trytond 6.x at we will patch the kernel, as we have done in the past.

Let us know your thoughts


Dr. Luis Falcon, MD, MSc
President, GNU Solidario
Advancing Social Medicine

reply via email to

[Prev in Thread] Current Thread [Next in Thread]