DocumentationELS for LibrariesFlask
sidebar hamburger menu

Flask

Endless Lifecycle Support (ELS) for Libraries from TuxCare provides security fixes for Flask. This allows you to continue running your Flask applications without vulnerability concerns, even after official support has ended.

Supported Flask Versions

  • Flask 0.12.5, 1.1.2, 1.1.4, 2.2.1

Other versions upon request.

Connection to ELS for Flask Repository

This guide outlines the steps needed to integrate the TuxCare ELS for Flask repository.

Step 1: Get user credentials

You need a username and password in order to use TuxCare ELS for Flask repository. Anonymous access is disabled. To receive the credentials please contact sales@tuxcare.com.

Step 2: Set Up ELS for Flask

To use TuxCare's ELS for Flask, follow one of the options below:

Option 1: Install a Package with ELS Repository via Command Line

You can install or upgrade a package directly using the ELS repository with your credentials:

pip install --upgrade \
  -i https://<username>:<password>@nexus.repo.tuxcare.com/repository/els_python/simple \
  flask

Replace <username> and <password> with the credentials provided by sales.

Option 2: Configure pip to Use the ELS Repository (Full Replacement)

This method is recommended if you want to use only ELS-patched Python packages from TuxCare and replace the default PyPI source with the TuxCare ELS repository.

  1. Create or update the pip configuration file and add the following:

    [global]
index-url = https://username:password@nexus.repo.tuxcare.com/repository/els_python/simple

  2. Run the command to install the latest package version:

    pip install --upgrade flask

    Or install a specific patched TuxCare version, for example:

    pip install flask==1.1.2.post1+tuxcare

Option 3: Add the TuxCare ELS Repository as Additional (recommended)

If you want to keep using public PyPI and fetch only specific patched packages from TuxCare, use extra-index-url instead. In this configuration, make sure to specify the exact patched version (step 2 below), otherwise pip may install the version from public PyPI.

  1. Create or update the pip configuration file and add the following:

    [global]
extra-index-url = https://username:password@nexus.repo.tuxcare.com/repository/els_python/simple

  2. Run the command to install a specific patched TuxCare version, for example:

    pip install flask==1.1.2.post1+tuxcare

Upgrading to a Newer TuxCare Version

To upgrade to a newer TuxCare release (e.g., from version.post1+tuxcare to version.post2+tuxcare) use the same installation method you used above and specify the newer package version.

Vulnerability Exploitability eXchange (VEX)

VEX is a machine-readable format that tells you if a known vulnerability is actually exploitable in your product. It reduces false positives, helps prioritize real risks.

TuxCare provides VEX for Flask ELS versions: security.tuxcare.com/vex/cyclonedx/els_lang_python/flask/.

Resolved CVEs

Fixes for the following vulnerabilities are available in ELS for Flask from TuxCare versions:

CVE IDSeverityLibraryVulnerable VersionsSafe Version
CVE-2023-30861Highflask< 2.2.51.1.2.post1+tuxcare
CVE-2023-30861Highflask< 2.2.51.1.4.post1+tuxcare
CVE-2023-30861Highflask< 2.2.52.2.1.post1+tuxcare
CVE-2019-1010083Highflask< 1.00.12.5.post1+tuxcare

If you are interested in the TuxCare Endless Lifecycle Support, contact sales@tuxcare.com.

icon penEdit this page
Scroll up