Re: Vulnerabilities on python packages
Hi Francisco
None of the listed vulnerabilities affect any of the shell functionality.
Regarding the Upgrade Plans
We can classify the bundled python libraries in 2 groups: the ones that come with standard python distribution (like setup tools) and the ones that are additionally included (like cryptography).
We only bundle a complete python distribution on those shell packages targeted for platforms that not necessarily have a compatible python version available in the system.
The bundled python package is upgraded normally by 2 reasons:
- The bundled version contains vulnerabilities that affect the shell.
- A newer version of python contains functionality desired for the shell.
On the other hand, we bundle the additional libraries in all cases. These packages are upgraded in a regular basis release after release even if they don't have vulnerabilities affecting the shell. The coming releases use openssl 3.0.9 and cryptography 39.0.2 which are out of the affected versions.
Subject
Views
Written By
Posted
556
June 06, 2023 08:24AM
Re: Vulnerabilities on python packages
283
June 06, 2023 08:53PM
295
August 31, 2023 03:46AM
217
November 03, 2023 05:08AM
212
January 26, 2024 09:20AM
334
September 08, 2023 07:29AM
Sorry, only registered users may post in this forum.
Content reproduced on this site is the property of the respective copyright holders.
It is not reviewed in advance by Oracle and does not necessarily represent the opinion
of Oracle or any other party.