chore(security): bump gunicorn 23.0.0 -> 26.0.0 (SEC-1746) #301
Open
mcd-scarlson wants to merge 1 commit into
Closes Aikido group 28678334. gunicorn 23.0.0 is affected by HTTP request smuggling (CWE-444) / CRLF injection (CWE-113) issues fixed in 26.0.0. Since gunicorn is the HTTP frontend for the agent (Dockerfile CMD: `gunicorn --bind :$PORT apollo.interfaces.*:app`), this is on the directly-exposed attack surface.

26.0.0 only requires `packaging` (no new deps), so the lockfile delta is just the version line. Verified via PyPI metadata; manual lockfile edit matches what `pip-compile --output-file=requirements.txt --strip-extras requirements.in` would produce.

Linear: SEC-1746
Aikido: https://app.aikido.dev/queue?sidebarIssue=28678334

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
revulas approved these changes on May 21, 2026
## Summary

Bumps `gunicorn` from `23.0.0` to `26.0.0` in `requirements.in` + `requirements.txt`. Closes the open Aikido HIGH finding (group 28678334) tracked in SEC-1746.

## Why this matters

`gunicorn` is the HTTP server fronting the agent — `Dockerfile` runs:

```
gunicorn --bind :$PORT apollo.interfaces.*:app
```

23.0.0 is affected by HTTP request smuggling (CWE-444) and CRLF injection (CWE-113); the fix landed in upstream gunicorn 26.0.0. Because gunicorn terminates HTTP traffic on the customer-facing surface of the agent, this is on the directly exposed attack path — not a transitive/internal-only issue.

The same CVE was confirmed against the GA `montecarlodata/agent` image (not just `pre-release-agent`) via wizcli first-party scan and Aikido cross-check.

## Lockfile note

`gunicorn` 26.0.0 only requires `packaging` (already in the lockfile). No transitive graph changes. The manual one-line lockfile edit matches what `pip-compile --output-file=requirements.txt --strip-extras requirements.in` would produce — verified against PyPI metadata for 26.0.0. If CI regenerates the lockfile differently, please push the regenerated `requirements.txt` over this change.

## Test plan

- (`docker build`)
- `GET /api/v1/test/health` returns 200
- 28678334 closes on next scan after the GA image is re-published

## Out of scope (separate tickets / next round)

These were also flagged in the same investigation but left for the agent team's normal cadence:

- PyMySQL 1.1.1 -> 1.1.3 (Aikido group 26517697) — LOW exploitability (outbound only)
- duckdb 1.1.0 -> 1.3.0 — LOW
- apache/thrift 0.22.0 -> 0.23.0 (vendored in teradatasql binaries) — transitive, upstream
- libgnutls30t64 (2 CRIT TLS CVEs) — base image rebuild

## References

- Linear: SEC-1746
- Aikido: https://app.aikido.dev/queue?sidebarIssue=28678334

🤖 Generated with Claude Code
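The lockfile note above rests on two hand-verified claims: that the pin now sits at or above the version carrying the fix, and that the bumped version's declared runtime dependencies are already in the lockfile, so a one-line edit is exactly what `pip-compile` would have produced. The script below is an added example (not code from this PR or from the montecarlodata project) that checks both claims mechanically, stdlib only. The lockfile contents and the `requires_dist` list are constructed stand-ins; in practice the list would be taken from the PyPI JSON API for the bumped release (`info.requires_dist`), which the PR text says it checked by hand.

```python
"""Sanity-check a single-pin security bump in a pip-compile lockfile.

Added example, not part of the PR. Verifies two things the PR text claims:
  1. the package is pinned at or above the version that carries the fix, and
  2. every non-optional runtime dependency declared by the bumped version is
     already pinned, so the one-line edit matches pip-compile's output.
Stdlib only; every input below is constructed for the example.
"""
import re

# A pin line looks like "name==version", optionally with extras ("name[x]==v"),
# an environment marker after ";" or a "\" continuation before --hash lines.
_PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?==([^\s;\\]+)")


def normalize(name: str) -> str:
    """PEP 503 name normalization so 'PyMySQL' and 'pymysql' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_pins(lockfile_text: str) -> dict:
    """Map normalized package name -> pinned version, skipping comments,
    blank lines and '--hash=...' continuation lines."""
    pins = {}
    for line in lockfile_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "--")):
            continue
        m = _PIN_RE.match(line)
        if m:
            pins[normalize(m.group(1))] = m.group(2)
    return pins


def version_key(version: str) -> tuple:
    """Numeric tuple for release segments; enough for plain X.Y.Z pins."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def pin_is_fixed(pins: dict, package: str, fixed_version: str) -> bool:
    """True if the package is pinned at or above the fixed version."""
    current = pins.get(normalize(package))
    return current is not None and version_key(current) >= version_key(fixed_version)


def missing_runtime_deps(pins: dict, requires_dist: list) -> list:
    """Declared dependencies that are not yet pinned in the lockfile.

    Entries guarded by an 'extra == ...' marker are optional and skipped,
    which is what a bare requirement under --strip-extras pulls in.
    """
    missing = []
    for req in requires_dist:
        spec, _, marker = req.partition(";")
        if "extra" in marker:
            continue
        dep = re.split(r"[\s\[<>=!~]", spec.strip(), 1)[0]
        if normalize(dep) not in pins:
            missing.append(dep)
    return missing


# Constructed lockfiles: the pre-bump state and the state after the one-line edit.
LOCKFILE_BEFORE = """\
# This file is autogenerated by pip-compile (constructed sample)
gunicorn==23.0.0 \\
    --hash=sha256:0000
packaging==24.1
PyMySQL==1.1.1
"""
LOCKFILE_AFTER = LOCKFILE_BEFORE.replace("gunicorn==23.0.0", "gunicorn==26.0.0")

# Constructed stand-in for the bumped version's PyPI requires_dist: one
# mandatory dependency plus an extras-gated optional one.
GUNICORN_26_REQUIRES_DIST = [
    "packaging",
    'eventlet>=0.24.1 ; extra == "eventlet"',
]


def check_bump(lockfile_text: str, package: str, fixed_version: str, requires_dist: list) -> dict:
    """Run both checks and return them as a dict for CI or a test to assert on."""
    pins = parse_pins(lockfile_text)
    return {
        "pin_fixed": pin_is_fixed(pins, package, fixed_version),
        "missing_deps": missing_runtime_deps(pins, requires_dist),
    }


if __name__ == "__main__":
    for label, text in (("before", LOCKFILE_BEFORE), ("after", LOCKFILE_AFTER)):
        print(label, check_bump(text, "gunicorn", "26.0.0", GUNICORN_26_REQUIRES_DIST))
```

Run against the real `requirements.txt` and the real `requires_dist`, a non-empty `missing_deps` is the signal that the hand edit is not what `pip-compile` would produce and the lockfile should be regenerated, as the note above already asks for.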