Skip to content

security: bump aiomysql to 0.3.2 to resolve CVE-2025-62611#27

Merged
whhe merged 1 commit into
oceanbase:mainfrom
kenwoodjw:fix/cve
Oct 30, 2025
Merged

security: bump aiomysql to 0.3.2 to resolve CVE-2025-62611#27
whhe merged 1 commit into
oceanbase:mainfrom
kenwoodjw:fix/cve

Conversation

@kenwoodjw

Copy link
Copy Markdown
Contributor

Summary

security: bump aiomysql to 0.3.2 to resolve CVE-2025-62611

Solution Description

  • Update pyproject.toml:13 to require aiomysql ^0.3.2, addressing CVE-2025-62611.
  • Run poetry update aiomysql so poetry.lock and the environment resolve to aiomysql 0.3.2 (poetry show aiomysql confirms).
  • Verification: with OceanBase running and an empty-password jtuser@test user created, poetry run pytest passes except for tests/test_json_table.py::ObVecJsonTableTest::test_user_group, which still
    fails because the multi-user scenario can’t find table table_shared.

@CLAassistant

CLAassistant commented Oct 30, 2025

Copy link
Copy Markdown

CLA assistant check
All committers have signed the CLA.

Signed-off-by: kenwood chan <kenwoodchan@kenwooddeMacBook-Pro.local>

@whhe whhe left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@whhe whhe merged commit 906df6c into oceanbase:main Oct 30, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants