[Ironpython-users] IronPython vulnerability patches between versions 2.7.1 and 2.7.7.
Slide
slide.o.mix at gmail.com
Tue Jan 2 14:49:08 EST 2018
I am not aware of any security vulnerabilities in IronPython. We haven't
had any reported. Our implementation is very different from the C
implementation, we use .NET framework classes as the basis for our
libraries and language implementation.
On Tue, Jan 2, 2018, 11:22 Nikola Luburic <
nikola.luburic at schneider-electric-dms.com> wrote:
> Hello,
>
>
> In our solution we use IronPython version 2.7.1. Recently, one of our
> clients has expressed concerns that earlier versions of Python (not
> IronPython) have severe security vulnerabilities and has asked if there
> were any vulnerabilities related to IronPython, which could be mitigated by
> upgrading to the latest version (2.7.7.).
>
>
> After some superficial research of your github, as well as an examination
> of the common vulnerabilities databases, we weren't able to find any record
> of issues related to IronPython specifically (while there were a number of
> issues related to Python
> <https://nvd.nist.gov/vuln/search/results?adv_search=true&cves=on&cpe_version=cpe:/a:python:python:2.7>).
> As these issues are mostly (but not exclusively) related to the VM and not
> the language, we believe that they don't map to vulnerabilities of
> IronPython.
>
>
> The question I wanted to ask is: *Are you aware of any
> security vulnerabilities that have been patched between IronPython 2.7.1.
> and 2.7.7?* While we realize that it is best practice to keep all our
> tools and libraries up-to-date, updating IronPython would require us to
> devote a number of our resources to proper regression testing, and if the
> issues are non-existent or of low severity it would cost us more than we'd
> gain.
>
>
> Thank you for all your information in advance,
>
>
> All the best,
>
> Nikola
>
>
> ___________________________________________________________________________________________________________________________
>
>
>
> *Nikola Luburić M. Sc. | **Schneider Electric DMS NS** | Smart Grid IT |
> SERBIA | Security Subject Matter Expert*
>
> *Phone:* +381 (0)21 488 3834* | Fax:* +381 (0)21 488 3789
>
> *Email:* nikola.luburic at schneider-electric-dms.com *| Site: *
> www.schneider-electric-dms.com *| Address:* Narodnog fronta 25A-D, 21000
> Novi Sad
>
> *** Please consider the environment before printing this e-mail
> _______________________________________________
> Ironpython-users mailing list
> Ironpython-users at python.org
> https://mail.python.org/mailman/listinfo/ironpython-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ironpython-users/attachments/20180102/724210bd/attachment.html>
More information about the Ironpython-users
mailing list