Hi guys,

Am I missing something here, because Python.Net v2.5.2 already supports Python 
3.9:

https://github.com/pythonnet/pythonnet/releases

"Additionally, includes support for Python 3.9"

Regards,
Vince
________________________________
From: Mark Visser <[email protected]>
Sent: 13 May 2021 17:14
To: A list for users and developers of Python.NET <[email protected]>
Cc: Di Yang (PACTERA TECHNOLOGIES INC) <[email protected]>; Douglas Wyant 
(Aptly Technology Corporation) <[email protected]>
Subject: [Python.NET] Re: Support for Python v3.9

Hi Douglas,

It looks to me like this was fixed in Python 3.6, 3.7, 3.8 and 3.9:

>From https://python-security.readthedocs.io/vuln/cjk-codec-download-eval.html:

Fixed 
In<https://python-security.readthedocs.io/vuln/cjk-codec-download-eval.html#fixed-in>

  *   Python 3.6.13 (2021-02-16) fixed by commit e912e94 (branch 
3.6)<https://github.com/python/cpython/commit/e912e945f2960029d039d3390ea08835ad39374b>
 (2020-10-20)
  *   Python 3.7.10 (2021-02-16) fixed by commit 43e5231 (branch 
3.7)<https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2a9>
 (2020-10-20)
  *   Python 3.8.7 (2020-12-21) fixed by commit 6c6c256 (branch 
3.8)<https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33>
 (2020-10-06)
  *   Python 3.9.1 (2020-12-07) fixed by commit b664a1d (branch 
3.9)<https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794>
 (2020-10-06)

So you should be able to address the CVE by upgrading to one of these patch 
versions. AFAIK we don't have a timeline for 3.9 support in Python for .NET yet.

cheers,
-Mark

Mark Visser
Senior Dev Manager, M&E
Unity Technologies - www.unity3d.com<http://www.unity3d.com/>






On May 12, 2021, at 12:43 PM, Douglas Wyant (Aptly Technology Corporation) via 
PythonNet <[email protected]<mailto:[email protected]>> wrote:

PythonNet,
                Hi folks, I have no idea if this is the correct way to engage 
support / ask questions, so please redirect me.  We need to deploy Python v3.9 
to resolve a known Security issue in older versions.  I’m told we’re blocked on 
deploying until PythonNet is updated to support v3.9.  So the question is when 
might that be?

https://bugs.python.org/issue41944
CVE-2020-27619: WIndows
Python versions 3.0.0 through 3.9.0 are susceptible to a vulnerability which 
when successfully exploited could lead to disclosure of sensitive information, 
addition or modification of data, or Denial of Service (DoS).
Affected Versions
Python versions 3.0.0 through 3.9.0

Thanks,

Doug Wyant (Aptly Technology Corporation), GSEC, GCIH
Service Engineer 2
Microsoft
_______________________________________________
PythonNet mailing list -- [email protected]<mailto:[email protected]>
To unsubscribe send an email to 
[email protected]<mailto:[email protected]>
https://mail.python.org/mailman3/lists/pythonnet.python.org/
Member address: [email protected]<mailto:[email protected]>

_______________________________________________
PythonNet mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/pythonnet.python.org/
Member address: [email protected]

Reply via email to