From 526516db2c7e0dd692259adc2e3cd3f725f14c93 Mon Sep 17 00:00:00 2001
From: ona-security-engineer <moritz+ona-security-engineer@ona.com>
Date: Tue, 10 Feb 2026 07:48:23 +0000
Subject: [PATCH] fix: upgrade gunicorn 21.2.0 to 23.0.0 (CVE-2024-1135)

Addresses HTTP Request Smuggling vulnerability in gunicorn due to
improper Transfer-Encoding header validation.

Jira: SE-3

Co-authored-by: Ona <no-reply@ona.com>
---
 openshift-task-manager/app/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/openshift-task-manager/app/requirements.txt b/openshift-task-manager/app/requirements.txt
index 6119aea..1db48a7 100644
--- a/openshift-task-manager/app/requirements.txt
+++ b/openshift-task-manager/app/requirements.txt
@@ -1,3 +1,3 @@
 Flask==3.0.0
 flask-cors==4.0.0
-gunicorn==21.2.0
+gunicorn==23.0.0