<https://pyupio.github.io/safety-db/> has marked T...
# community-helpm
Mehdi Khlifi
07/07/2021, 12:30 PMhttps://pyupio.github.io/safety-db/ has marked Typesense version <0.13.0 as vulnerable, yet the latest version is 0.12.0. Does that make sense? 🤔
k
Kishore Nallan
07/07/2021, 12:32 PMDo they say why it's insecure?
s
Stefan Hesse
07/08/2021, 6:54 AM Copy code
"typesense": [
{
"advisory": "Typesense 0.13.0 allows one to generate API keys with fine-grained access control restrictions for better security.",
"cve": null,
"id": "pyup.io-38798",
"specs": [
"<0.13.0"
],
"v": "<0.13.0"
}
],Stefan Hesse
07/08/2021, 6:55 AM"Most of the entries are found by filtering CVEs and changelogs for certain keywords and then manually reviewing them."
Stefan Hesse
07/08/2021, 6:55 AMdef. a false positive
k
Kishore Nallan
07/08/2021, 6:55 AMI think it is talking about Typesense server version 0.13 where I think we introduced API key permissions.
Kishore Nallan
07/08/2021, 6:56 AMKishore Nallan
07/08/2021, 6:58 AMThanks for pulling that up @Stefan Hesse
👍 1