From: Brian Inglis <Brian.Inglis@SystematicSW.ab.ca>
To: cygwin@cygwin.com
Subject: Re: [Question] When the cygwin support Python version 3.11.5 or newer?
Date: Tue, 23 Apr 2024 12:51:04 -0600 [thread overview]
Message-ID: <6b09ddd1-070f-4bab-87d8-0c8f733b6da3@SystematicSW.ab.ca> (raw)
In-Reply-To: <AM6PR07MB5685A0B746622F7D412904C5AA122@AM6PR07MB5685.eurprd07.prod.outlook.com>
On 2024-04-21 18:25, Zhike Wang via Cygwin wrote:
> Any update/advice for this topic? Or should I raise a ticket to other Cygwin Mailing Lists?
There are no tickets and no other lists - this is the list for Cygwin issues.
> On April 18, 2024 20:29, Zhike Wang wrote:
>> At the moment, I use python 3.9.16 under Cygwin environment while my
>> company IT alert me there is a severity risk for python 3.9.16 which need
>> be upgraded to Python version 3.11.5 or newer asap.
>> I have tried to use Cygwin setup(setup-x86_64) to update the python version
>> but it looks Cygwin only support python up to version 3.9.18 at the
>> moment.
>> So I would like to check with experts when the Cygwin can support Python
>> 3.11.5 or newer version?
>> Thank you very much.
It appears that this is not how python is maintained, as all python modules and
packages have to be rebuilt for each major version, so fixes are applied to each
supported major version e.g 3.9!
The web page below is more useful as it shows the current latest python release
with all known core vulnerabilities fixed for each major version:
https://maikuolan.github.io/Vulnerability-Charts/python.html
for a few other packages see:
https://maikuolan.github.io/Vulnerability-Charts/
https://github.com/Maikuolan/Vulnerability-Charts
so 3.{8,9}.19+ should fix all currently known security issues with 3.{8,9};
other releases are required for newer versions.
And 3.11.5 has issues, 3.11.9 is fixed: let your co IT know this!
Please note also that some vulnerabilities are specific to only certain
platforms and capabilities e.g. Linux:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42919
https://nvd.nist.gov/vuln/detail/CVE-2022-42919
--
Take care. Thanks, Brian Inglis Calgary, Alberta, Canada
La perfection est atteinte Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut
-- Antoine de Saint-Exupéry
prev parent reply other threads:[~2024-04-23 18:51 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-18 12:28 Zhike Wang (EXT)
2024-04-22 0:25 ` Zhike Wang (EXT)
2024-04-23 14:30 ` J M
2024-04-23 18:51 ` Brian Inglis [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6b09ddd1-070f-4bab-87d8-0c8f733b6da3@SystematicSW.ab.ca \
--to=brian.inglis@systematicsw.ab.ca \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).