Skip to content

[Backport 7.78.x] Bump pyOpenSSL to >=26.0.0 (CVE-2026-27459, CVE-2026-27448)#23235

Merged
Kyle-Neale merged 2 commits into7.78.xfrom
backport-23225-to-7.78.x
Apr 9, 2026
Merged

[Backport 7.78.x] Bump pyOpenSSL to >=26.0.0 (CVE-2026-27459, CVE-2026-27448)#23235
Kyle-Neale merged 2 commits into7.78.xfrom
backport-23225-to-7.78.x

Conversation

@dd-octo-sts
Copy link
Copy Markdown
Contributor

@dd-octo-sts dd-octo-sts Bot commented Apr 8, 2026

Backport ec924b0 from #23225.

Summary

  • Bumps pyOpenSSL from ==25.3.0 to >=26.0.0 in agent_requirements.in and datadog_checks_base/pyproject.toml to address two security vulnerabilities.
  • Removes pyopenssl from the [overrides.dep.updates] exclude list in .ddev/config.toml — the previous blocker (snowflake-connector-python requiring pyopenssl<26.0.0) was removed in Remove snowflake integration and snowflake-connector-python dependency #23164.

Security

Addresses:

Test plan

  • CI passes
  • Verify agent build picks up pyOpenSSL >=26.0.0

🤖 Generated with Claude Code

@Kyle-Neale @claude @github-actions
Bump pyOpenSSL to >=26.0.0 (CVE-2026-27459, CVE-2026-27448) (#23225)
4033ed1 
* Bump pyOpenSSL to >=26.0.0 to address CVE-2026-27459 and CVE-2026-27448

Updates pyOpenSSL from ==25.3.0 to >=26.0.0 across agent_requirements.in
and datadog_checks_base to address VULN-59209 (Critical 9.8) and
VULN-59208 (Medium 5.3). Also removes the dep-update exclusion for
pyopenssl now that the snowflake-connector-python blocker is resolved.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Add changelog entry for pyOpenSSL bump (PR #23225)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Fix validation: use == pin for pyopenssl

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
(cherry picked from commit ec924b0)
@dd-octo-sts dd-octo-sts Bot requested a review from a team as a code owner April 8, 2026 20:21
@datadog-official
Copy link
Copy Markdown
Contributor

datadog-official Bot commented Apr 8, 2026
edited
Loading

⚠️ Tests

Fix all issues with BitsAI or with Cursor

⚠️ Other Violations

🧪 1 Test failed

test_validate_ci_success from test_ci.py   View in Datadog   (Fix with Cursor) 
CI configuration is not in sync, try again with the \`--sync\` flag
  
assert 1 == 0
 +  where 1 = <Result SystemExit(1)>.exit_code

ℹ️ Info

No other issues found (see more)

❄️ No new flaky tests detected

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: bdcfc3e | Docs | Datadog PR Page | Was this helpful? React with 👍/👎 or give us feedback!

@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 8, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (7.78.x@9ac7ad0). Learn more about missing BASE report.

Additional details and impacted files
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@Kyle-Neale Kyle-Neale merged commit 8827d01 into 7.78.x Apr 9, 2026
832 of 851 checks passed
@Kyle-Neale Kyle-Neale deleted the backport-23225-to-7.78.x branch April 9, 2026 16:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@steveny91 steveny91 steveny91 approved these changes

Assignees

No one assigned

Labels

agent/approved backport base_package bot dependencies ecosystems/review-requested product/review-requested team/agent-integrations

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@steveny91 @Kyle-Neale