From slide.o.mix at gmail.com Tue Jan 2 14:49:08 2018
From: slide.o.mix at gmail.com (Slide)
Date: Tue, 02 Jan 2018 19:49:08 +0000
Subject: [Ironpython-users] IronPython vulnerability patches between versions 2.7.1 and 2.7.7.
In-Reply-To: <1514289649701.19295@schneider-electric-dms.com>
References: <1514289649701.19295@schneider-electric-dms.com>
Message-ID:

I am not aware of any security vulnerabilities in IronPython. We haven't
had any reported. Our implementation is very different from the C
implementation, we use .NET framework classes as the basis for our
libraries and language implementation.

On Tue, Jan 2, 2018, 11:22 Nikola Luburic <nikola.luburic at schneider-electric-dms.com> wrote:

> Hello,
>
> In our solution we use IronPython version 2.7.1. Recently, one of our
> clients has expressed concerns that earlier versions of Python (not
> IronPython) have severe security vulnerabilities and has asked if there
> were any vulnerabilities related to IronPython, which could be mitigated by
> upgrading to the latest version (2.7.7.).
>
> After some superficial research of your github, as well as an examination
> of the common vulnerabilities databases, we weren't able to find any record
> of issues related to IronPython specifically (while there were a number of
> issues related to Python).
> As these issues are mostly (but not exclusively) related to the VM and not
> the language, we believe that they don't map to vulnerabilities of
> IronPython.
>
> The question I wanted to ask is: *Are you aware of any
> security vulnerabilities that have been patched between IronPython 2.7.1.
> and 2.7.7?* While we realize that it is best practice to keep all our
> tools and libraries up-to-date, updating IronPython would require us to
> devote a number of our resources to proper regression testing, and if the
> issues are non-existent or of low severity it would cost us more than we'd
> gain.
>
> Thank you for all your information in advance,
>
> All the best,
>
> Nikola
>
> Nikola Luburic M. Sc. | Schneider Electric DMS NS | Smart Grid IT |
> SERBIA | Security Subject Matter Expert
> Phone: +381 (0)21 488 3834 | Fax: +381 (0)21 488 3789
> Email: nikola.luburic at schneider-electric-dms.com | Site:
> www.schneider-electric-dms.com | Address: Narodnog fronta 25A-D, 21000
> Novi Sad