Hello,
My static code scan has marked the Gevent version being used by Mayan as vulnerable, see below:
An issue in Gevent Gevent before version 23.9.1 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component.
Is this something the project can maybe pickup or was this already on your radar for a coming release?