From 4423e6edae71a8de087559404f42d661b511db56 Mon Sep 17 00:00:00 2001
From: Ryan Petrello <rpetrell@redhat.com>
Date: Tue, 31 Mar 2020 13:47:56 -0400
Subject: [PATCH] update to the latest twisted to address two open CVEs

---
 requirements/requirements.in  | 1 +
 requirements/requirements.txt | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/requirements/requirements.in b/requirements/requirements.in
index 2f6e557f13..a56c2fa115 100644
--- a/requirements/requirements.in
+++ b/requirements/requirements.in
@@ -46,6 +46,7 @@ requests-futures  # see library notes
 slackclient==1.1.2  # see UPGRADE BLOCKERs
 tacacs_plus==1.0  # UPGRADE BLOCKER: auth does not work with later versions
 twilio
+twisted[tls]>=20.3.0  # CVE-2020-10108, CVE-2020-10109
 uWSGI
 uwsgitop
 pip==19.3.1  # see UPGRADE BLOCKERs
diff --git a/requirements/requirements.txt b/requirements/requirements.txt
index 5fbd964b76..a812f08b8b 100644
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@@ -118,7 +118,7 @@ sqlparse==0.3.1           # via django
 tacacs_plus==1.0          # via -r /awx_devel/requirements/requirements.in
 tempora==2.1.0            # via irc, jaraco.logging
 twilio==6.37.0            # via -r /awx_devel/requirements/requirements.in
-twisted[tls]==19.10.0     # via daphne
+twisted[tls]==20.3.0      # via -r /awx_devel/requirements/requirements.in, daphne
 txaio==20.1.1             # via autobahn
 typing-extensions==3.7.4.1  # via aiohttp
 urllib3==1.25.8           # via kubernetes, requests