From nikola.luburic at schneider-electric-dms.com Tue Dec 26 07:00:49 2017
From: nikola.luburic at schneider-electric-dms.com (Nikola Luburic)
Date: Tue, 26 Dec 2017 12:00:49 +0000
Subject: [Ironpython-users] IronPython vulnerability patches between versions 2.7.1 and 2.7.7.
Message-ID: <1514289649701.19295@schneider-electric-dms.com>

Hello,

In our solution we use IronPython version 2.7.1. Recently, one of our clients has expressed concerns that earlier versions of Python (not IronPython) have severe security vulnerabilities and has asked if there were any vulnerabilities related to IronPython, which could be mitigated by upgrading to the latest version (2.7.7).

After some superficial research of your GitHub, as well as an examination of the common vulnerabilities databases, we weren't able to find any record of issues related to IronPython specifically (while there were a number of issues related to Python). As these issues are mostly (but not exclusively) related to the VM and not the language, we believe that they don't map to vulnerabilities of IronPython.

The question I wanted to ask is: Are you aware of any security vulnerabilities that have been patched between IronPython 2.7.1 and 2.7.7?

While we realize that it is best practice to keep all our tools and libraries up-to-date, updating IronPython would require us to devote a number of our resources to proper regression testing, and if the issues are non-existent or of low severity it would cost us more than we'd gain.

Thank you for all your information in advance,

All the best,
Nikola

________________________________________
Nikola Luburic M. Sc.
| Schneider Electric DMS NS | Smart Grid IT | SERBIA | Security Subject Matter Expert
Phone: +381 (0)21 488 3834 | Fax: +381 (0)21 488 3789
Email: nikola.luburic at schneider-electric-dms.com | Site: www.schneider-electric-dms.com | Address: Narodnog fronta 25A-D, 21000 Novi Sad