Hi Douglas, It looks to me like this was fixed in Python 3.6, 3.7, 3.8 and 3.9: From https://python-security.readthedocs.io/vuln/cjk-codec-download-eval.html: <https://python-security.readthedocs.io/vuln/cjk-codec-download-eval.html:> Fixed In <https://python-security.readthedocs.io/vuln/cjk-codec-download-eval.html#fixed-in> Python 3.6.13 (2021-02-16) fixed by commit e912e94 (branch 3.6) <https://github.com/python/cpython/commit/e912e945f2960029d039d3390ea08835ad39374b> (2020-10-20) Python 3.7.10 (2021-02-16) fixed by commit 43e5231 (branch 3.7) <https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2a9> (2020-10-20) Python 3.8.7 (2020-12-21) fixed by commit 6c6c256 (branch 3.8) <https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33> (2020-10-06) Python 3.9.1 (2020-12-07) fixed by commit b664a1d (branch 3.9) <https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794> (2020-10-06) So you should be able to address the CVE by upgrading to one of these patch versions. AFAIK we don't have a timeline for 3.9 support in Python for .NET yet. cheers, -Mark Mark Visser Senior Dev Manager, M&E Unity Technologies - www.unity3d.com <http://www.unity3d.com/>
On May 12, 2021, at 12:43 PM, Douglas Wyant (Aptly Technology Corporation) via PythonNet <pythonnet@python.org> wrote:
PythonNet, Hi folks, I have no idea if this is the correct way to engage support / ask questions, so please redirect me. We need to deploy Python v3.9 to resolve a known Security issue in older versions. I’m told we’re blocked on deploying until PythonNet is updated to support v3.9. So the question is when might that be?
https://bugs.python.org/issue41944 <https://bugs.python.org/issue41944> CVE-2020-27619: WIndows Python versions 3.0.0 through 3.9.0 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). Affected Versions Python versions 3.0.0 through 3.9.0
Thanks,
Doug Wyant (Aptly Technology Corporation), GSEC, GCIH Service Engineer 2 Microsoft _______________________________________________ PythonNet mailing list -- pythonnet@python.org <mailto:pythonnet@python.org> To unsubscribe send an email to pythonnet-leave@python.org <mailto:pythonnet-leave@python.org> https://mail.python.org/mailman3/lists/pythonnet.python.org/ <https://mail.python.org/mailman3/lists/pythonnet.python.org/> Member address: markv@unity3d.com <mailto:markv@unity3d.com>