[Ironpython-users] IronPython vulnerability patches between versions 2.7.1 and 2.7.7.

Nikola Luburic nikola.luburic at schneider-electric-dms.com
Tue Dec 26 07:00:49 EST 2017


Hello,


In our solution we use IronPython version 2.7.1. Recently, one of our clients has expressed concerns that earlier versions of Python (not IronPython) have severe security vulnerabilities and has asked if there were any vulnerabilities related to IronPython, which could be mitigated by upgrading to the latest version (2.7.7).


After some superficial research of your GitHub, as well as an examination of the common vulnerabilities databases, we weren't able to find any record of issues related to IronPython specifically (while there were a number of issues related to Python <https://nvd.nist.gov/vuln/search/results?adv_search=true&cves=on&cpe_version=cpe:/a:python:python:2.7>). As these issues are mostly (but not exclusively) related to the VM and not the language, we believe that they don't map to vulnerabilities of IronPython.


The question I wanted to ask is: Are you aware of any security vulnerabilities that have been patched between IronPython 2.7.1 and 2.7.7? While we realize that it is best practice to keep all our tools and libraries up-to-date, updating IronPython would require us to devote a number of our resources to proper regression testing, and if the issues are non-existent or of low severity it would cost us more than we'd gain.


Thank you for all your information in advance,


All the best,

Nikola
___________________________________________________________________________________________________________________________

Nikola Luburic M. Sc. | Schneider Electric DMS NS | Smart Grid IT | SERBIA | Security Subject Matter Expert
Phone: +381 (0)21 488 3834 | Fax: +381 (0)21 488 3789
Email: nikola.luburic at schneider-electric-dms.com<mailto:nikola.luburic at schneider-electric-dms.com> | Site: www.schneider-electric-dms.com<http://www.schneider-electric-dms.com/> | Address: Narodnog fronta 25A-D, 21000 Novi Sad