https://github.com/specify/web-asset-server/tree/master

| Component | Current Version/Range | Latest Version/Replacement | EOL Date | Notes |
| --- | --- | --- | --- | --- |
| ExifRead | 2.3.1 | 3.0.0 (PyPi) | N/A | |
| Paste | 3.4.4 | 3.10.0 (PyPi, in maintenance mode) / Alternative: Waitress, Gunicorn, or uWSGI | N/A (Maintenance only) | Paste is in maintenance mode; we should replace it with a dedicated WSGI server!! |
| sh | 1.14.0 | 2.2.2 (PyPi) | Out of date since 2021 | |
| Bottle | >=0.12.23, <0.13 | 0.13.12 (PyPi) | N/A | |
| Docker Base OS | ubuntu:18.04 | ubuntu:24.04 LTS | Ubuntu 18.04: April 2023 (standard support) | Upgrade to a current LTS release for improved security and support; Ubuntu 24.04 LTS will be supported until ~2029 |
| Python Version | python3.6 | python3.14 | Python 3.6: December 2021 | Need to update Python version to make sure we have the latest security updates |

From CSIRO on Asana:
Asset-server: Upgrade python; 3.6 series has now reached EOL
Our Tenable has picked it up as a major vulnerability in asset server, is it possible to address this as a priority?
https://security.snyk.io/package/linux/ubuntu%3A18.04/python3.6