Hello,

In our solution we use IronPython version 2.7.1. Recently, one of our clients 
has expressed concerns that earlier versions of Python (not IronPython) have 
severe security vulnerabilities and has asked if there were any vulnerabilities 
related to IronPython, which could be mitigated by upgrading to the latest 
version (2.7.7).


After some superficial research of your GitHub, as well as an examination of 
the common vulnerabilities databases, we weren't able to find any record of 
issues related to IronPython specifically (while there were a number of issues 
related to Python 
<https://nvd.nist.gov/vuln/search/results?adv_search=true&cves=on&cpe_version=cpe:/a:python:python:2.7>).
As these issues are mostly (but not exclusively) related to the VM and not the 
language, we believe that they don't map to vulnerabilities of IronPython.


The question I wanted to ask is: Are you aware of any security vulnerabilities 
that have been patched between IronPython 2.7.1 and 2.7.7? While we realize 
that it is best practice to keep all our tools and libraries up-to-date, 
updating IronPython would require us to devote a number of our resources to 
proper regression testing, and if the issues are non-existent or of low 
severity it would cost us more than we'd gain.


Thank you for all your information in advance,


All the best,

Nikola
___________________________________________________________________________________________________________________________

Nikola Luburic M. Sc. | Schneider Electric DMS NS | Smart Grid IT | SERBIA | 
Security Subject Matter Expert
Phone: +381 (0)21 488 3834 | Fax: +381 (0)21 488 3789
Email: nikola.lubu...@schneider-electric-dms.com | Site: www.schneider-electric-dms.com 
| Address: Narodnog fronta 25A-D, 21000 Novi Sad
_______________________________________________
Ironpython-users mailing list
Ironpython-users@python.org
https://mail.python.org/mailman/listinfo/ironpython-users