Release Python Oracle KMS Storage v1.1.0 #965

Open: stas-schaller wants to merge 1 commit into master from release/storage/python/oracle-kms/v1.1.0

@stas-schaller (Contributor)

Summary

Release branch for v1.1.0 — raises the Python floor to 3.9, aligns the Core dependency with v17.2.0, and fixes HIGH severity CVE-2026-26007. Also restores pyproject.toml which was accidentally wiped in the prior release branch.

Changes

Bug Fixes

  • CVE-2026-26007 (KSM-834): cryptography subgroup attack on SECT curves — update cryptography floor from >=44.0.0 to >=46.0.5 (CVSS 8.2)

Maintenance

  • Raise minimum Python version from 3.6 to 3.9
  • Update keeper-secrets-manager-core dependency floor from >=16.6.6 to >=17.2.0
  • Restore pyproject.toml (accidentally wiped in prior v1.0.1 release branch)
  • Add Python 3.13 classifier; remove 3.6, 3.7, 3.8 classifiers
  • Remove importlib_metadata from requirements.txt (stdlib since Python 3.8)
  • Add Change Log section to README

Breaking Changes

Python 3.6, 3.7, and 3.8 are no longer supported. Users on those versions must remain on v1.0.0.

Related Issues

  • KSM-834

socket-security bot commented Mar 9, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
|---|---|---|---|---|---|---|
| Added | pypi/requests@2.32.4 | 99 | 100 | 100 | 100 | 100 |


stas-schaller changed the title from "Release keeper-secrets-manager-storage-oracle-kms v1.1.0" to "Release Python Oracle KMS Storage v1.1.0" on Mar 9, 2026

Align Oracle KMS storage with Python Core SDK v17.2.0 and fix CVE-2026-26007
(cryptography subgroup attack).

Features:
- bump keeper-secrets-manager-storage-oracle-kms to v1.1.0

Bug fixes:
- fix CVE-2026-26007 (HIGH, CVSS 8.2): pin cryptography>=46.0.5

Maintenance:
- raise minimum Python version from 3.6 to 3.9
- require keeper-secrets-manager-core>=17.2.0
- update publish workflow: version pre-check, SBOM generation, wheel CVE-2026-24049 pin

stas-schaller force-pushed the release/storage/python/oracle-kms/v1.1.0 branch from 81b1e69 to 4599784 on March 10, 2026 15:15