MySQL Forums

Re: Vulnerabilities on python packages
Posted by: Juan Rene Ramirez Monarrez
Date: June 06, 2023 08:53PM

Hi Francisco

None of the listed vulnerabilities affect any of the shell functionality.

Regarding the Upgrade Plans

We can classify the bundled Python libraries in 2 groups: the ones that come with the standard Python distribution (like setuptools) and the ones that are additionally included (like cryptography).

We only bundle a complete Python distribution on those shell packages targeted for platforms that do not necessarily have a compatible Python version available in the system.

The bundled Python package is normally upgraded for 2 reasons:

- The bundled version contains vulnerabilities that affect the shell.
- A newer version of Python contains functionality desired for the shell.


On the other hand, we bundle the additional libraries in all cases. These packages are upgraded on a regular basis, release after release, even if they don't have vulnerabilities affecting the shell. The coming releases use OpenSSL 3.0.9 and cryptography 39.0.2, which are outside the affected versions.
