Skip to content

Cannot take security patch for Cryptography library due to upper bound on cryptography version #829

New issue
New issue
Open
Open
Cannot take security patch for Cryptography library due to upper bound on cryptography version#829
Labels
SDKIssue pertains to the SDK itself and not specific to any service
@ouldriw

Description

@ouldriw
ouldriw
opened on Feb 11, 2026

https://nvd.nist.gov/vuln/detail/CVE-2026-26007 has been reported which is fixed in Cryptography v46.0.5.

However the latest version of oci still requires a version <46.

This is the output from pip check:

oci 2.167.1 has requirement cryptography<46.0.0,>=3.2.1, but you have cryptography 46.0.5.

Please bump the maximum supported version or drop it entirely.

Metadata

Metadata

Assignees

No one assigned

    Labels

    SDKIssue pertains to the SDK itself and not specific to any service

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions