multicast in source builds from vulnerable setuptools dependency

Some source-builds may be impacted by a CWE-1395 (eg. vulnerable setuptools dependency).
- Multicast prior to v2.0.9a3 on systems with minimal dependancies installed may use setuptools <78.1.1 and thus rely on a compromised dependency. In some cases there is a chance that source-builds would fail due to an exploit of the closely related CVE-2025-47273, or become arbitrarily modified.

Pre-release version v2.0.9a0 and later resolve the issue by bumping requirements to setuptools>=80.4
- Pre-release version v2.0.9a3 and later are recommended for improved stability over v2.0.9a0

Further hardening in v2.0.9a4+ of the build process in CI builds allowing source builds to be verified via GH attestations.

https://github.com/reactive-firewall/multicast/blob/c5c7c7de272421d944beca8452871bca6bfd151f/tests/requirements.txt#L32
https://github.com/reactive-firewall/multicast/blob/c5c7c7de272421d944beca8452871bca6bfd151f/docs/requirements.txt#L27
https://github.com/reactive-firewall/multicast/blob/c5c7c7de272421d944beca8452871bca6bfd151f/requirements.txt#L26
https://github.com/reactive-firewall/multicast/blob/c5c7c7de272421d944beca8452871bca6bfd151f/pyproject.toml#L2

No technical information available.

CWEs:

Software	From	Fixed in
multicast	-	2.0.9a0

Vulnerability Database