Task/fp 1285 cms critical dependency upgrade (#437)

* Upgraded Pillow dependency to 8.4.0 and cleaned up some formatting in the settings.py file. * Bunped the base image version for the cms to python 3.9.10-buster in order to support required upgrade to Pillow 9.0.0, which had a critical security vulnerability. * Dropping python base image version for Django Because we use Django 2.2.16 which supports Python 3.5–3.8 (but not 3.9). * Update settings.py Forgot to reset this after local development. Note: This seems like a good setting to move into the `settings_custom` file (in the deployments repo) as a per portal value (once the CMS adopts the `Core-portal` setup for organizing settings, custom and secrets). Plus we can add the local override for a `settings.dev` to ease local dev.
TACC · Feb 2, 2022 · 1d4a8b1 · 1d4a8b1
1 parent a675d41
commit 1d4a8b1
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 13 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.6-buster as python-base
+FROM python:3.8.12-buster as python-base
 
 LABEL maintainer="TACC-ACI-WMA <[email protected]>"
 

diff --git a/requirements.txt b/requirements.txt
@@ -69,7 +69,7 @@ lxml==4.5.2
 mccabe==0.6.1
 packaging==20.4
 parso==0.7.1
-Pillow==7.2.0
+Pillow==9.0.0
 pip-upgrader==1.4.15
 pluggy==0.13.1
 psycopg2==2.8.6

diff --git a/taccsite_cms/settings.py b/taccsite_cms/settings.py
@@ -17,6 +17,7 @@
 SECRET_KEY = 'CHANGE_ME'
 def gettext(s): return s
 
+
 DATA_DIR = os.path.dirname(os.path.dirname(__file__))
 
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
@@ -31,7 +32,7 @@ def gettext(s): return s
 LDAP_ENABLED = True
 
 # Default portal authorization verification endpoint.
-CEP_AUTH_VERIFICATION_ENDPOINT =  'localhost' #'https://0.0.0.0:8000'
+CEP_AUTH_VERIFICATION_ENDPOINT = 'localhost'  # 'https://0.0.0.0:8000'
 
 ########################
 # DATABASE SETTINGS
@@ -150,7 +151,7 @@ def gettext(s): return s
     "True"
 ]
 
-BRANDING = [ TACC_BRANDING, UTEXAS_BRANDING ]
+BRANDING = [TACC_BRANDING, UTEXAS_BRANDING]
 
 LOGO = [
     "portal",
@@ -169,12 +170,12 @@ def gettext(s): return s
 
 INCLUDES_CORE_PORTAL = True
 
-LOGOUT_REDIRECT_URL='/'
+LOGOUT_REDIRECT_URL = '/'
 
-## using container name to avoid cep.dev dns issues locally
-## this will need to be updated for dev/pprd/prod systems
-## for example, CEP_AUTH_VERIFICATION_ENDPOINT=https://dev.cep.tacc.utexas.edu
-CEP_AUTH_VERIFICATION_ENDPOINT='http://django:6000'
+# using container name to avoid cep.dev dns issues locally
+# this will need to be updated for dev/pprd/prod systems
+# for example, CEP_AUTH_VERIFICATION_ENDPOINT=https://dev.cep.tacc.utexas.edu
+CEP_AUTH_VERIFICATION_ENDPOINT = 'http://django:6000'
 
 ########################
 # CLIENT BUILD SETTINGS
@@ -314,6 +315,8 @@ def gettext(s): return s
 ]
 
 # Convert list of paths to list of dotted module names
+
+
 def get_subdirs_as_module_names(path):
     module_names = []
     for entry in os.scandir(path):
@@ -328,14 +331,15 @@ def get_subdirs_as_module_names(path):
             module_names.append(module_name)
     return module_names
 
+
 # Append CMS project paths as module names to INSTALLED_APPS
 # FAQ: This automatically looks into `/taccsite_custom` and creates an "App" for each directory within
 CUSTOM_CMS_DIR = os.path.join(BASE_DIR, 'taccsite_custom')
 
 INSTALLED_APPS_APPEND = get_subdirs_as_module_names(CUSTOM_CMS_DIR)
 INSTALLED_APPS = INSTALLED_APPS + INSTALLED_APPS_APPEND
 
-MIGRATION_MODULES = { }
+MIGRATION_MODULES = {}
 LANGUAGE_CODE = 'en'
 TIME_ZONE = 'America/Chicago'
 USE_I18N = True
@@ -389,7 +393,7 @@ def get_subdirs_as_module_names(path):
 # 0600 and Django doesn't fix it unless FILE_UPLOAD_PERMISSIONS is defined.
 # A tempfile is used when upload exceeds FILE_UPLOAD_MAX_MEMORY_SIZE.
 FILE_UPLOAD_PERMISSIONS = 0o644
-FILE_UPLOAD_MAX_MEMORY_SIZE = 20000000 # 20MB
+FILE_UPLOAD_MAX_MEMORY_SIZE = 20000000  # 20MB
 
 DJANGOCMS_AUDIO_ALLOWED_EXTENSIONS = ['mp3', 'ogg', 'wav']
 
@@ -406,7 +410,7 @@ def get_subdirs_as_module_names(path):
 DJANGOCMS_FORMS_REDIRECT_DELAY = 1
 
 # Elasticsearch Indexing
-HAYSTACK_ROUTERS = ['aldryn_search.router.LanguageRouter',]
+HAYSTACK_ROUTERS = ['aldryn_search.router.LanguageRouter', ]
 HAYSTACK_SIGNAL_PROCESSOR = 'taccsite_cms.signal_processor.RealtimeSignalProcessor'
 ALDRYN_SEARCH_DEFAULT_LANGUAGE = 'en'
 ALDRYN_SEARCH_REGISTER_APPHOOK = True
@@ -415,7 +419,7 @@ def get_subdirs_as_module_names(path):
         'ENGINE': 'haystack.backends.elasticsearch_backend.ElasticsearchSearchEngine',
         'URL': ES_HOSTS,
         'INDEX_NAME': ES_INDEX_PREFIX.format('cms'),
-        'KWARGS': {'http_auth': ES_AUTH }
+        'KWARGS': {'http_auth': ES_AUTH}
     }
 }