From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by sourceware.org (Postfix) with ESMTPS id 7BDBD384AB7E for ; Tue, 23 Apr 2024 18:51:07 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 7BDBD384AB7E Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=SystematicSW.ab.ca Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=SystematicSW.ab.ca ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 7BDBD384AB7E Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=216.40.44.10 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1713898271; cv=none; b=jrm2umAbVCN/j6u/FE3y0kqAp/MKVGMrgRh8sSwFFle2/RGtZj94s+Vq/Y4VT5dVHAduUB2zQp1fs+8mSycQ0xqlSb06CMwhqr0JsU9bs1FqxEaGod05XXRZGMsVGqFDaeo7RYwHs2JVa2bjgEwHEUk+YWm4WN4vcx9I08f7cl8= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1713898271; c=relaxed/simple; bh=xD6+UjbBEoXnX7Cp8dHuejAGWe8IwZU0Ii0X5O6fps8=; h=Message-ID:Date:MIME-Version:Subject:To:From; b=QG1rSuP/Navg34StQ9wrTPBOTfoCzNFQKV6eDqpQMYxUaF4oOBjD7/SAxdLmsFdjB+irmMUyEN+gqA/nVDx4MqUMCEByCoVD2Zd4r7SxLgBom7+7RcijExAje1iaw+/EAd2kL7RXBY1vo0rq1/8abmEIRoTgkbNk4bsdd0XR6pg= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from omf20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id F07A5A084F for ; Tue, 23 Apr 2024 18:51:06 +0000 (UTC) Received: from [HIDDEN] (Authenticated sender: Brian.Inglis@SystematicSW.ab.ca) by omf20.hostedemail.com (Postfix) with ESMTPA id 74C5520028 for ; Tue, 23 Apr 2024 18:51:05 +0000 (UTC) Message-ID: <6b09ddd1-070f-4bab-87d8-0c8f733b6da3@SystematicSW.ab.ca> Date: Tue, 23 Apr 2024 12:51:04 -0600 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Reply-To: cygwin@cygwin.com Subject: Re: [Question] When the cygwin support Python version 3.11.5 or newer? Content-Language: en-CA To: cygwin@cygwin.com References: From: Brian Inglis Organization: Systematic Software In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 74C5520028 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,KAM_DMARC_STATUS,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS,TXREP,UNPARSEABLE_RELAY,URIBL_SBL_A autolearn=no autolearn_force=no version=3.4.6 X-Stat-Signature: ags54d65zceg57qbf38363yqedu9dw9s X-Rspamd-Server: rspamout05 X-Session-Marker: 427269616E2E496E676C69734053797374656D6174696353572E61622E6361 X-Session-ID: U2FsdGVkX1/kBOmF68HO3pDdtpyD+s9+xvt+EI9HROU= X-HE-Tag: 1713898265-209104 X-HE-Meta: U2FsdGVkX19/maqSoXZQSkArcoaJvZI2A7c6Xxc433MNQrX9pBdDMM/6CndqkoyQ7K3BZZOJZdD3r3Bxg7AYXsDELFJJU0Swi6OcwJkoT9pr8RDdokkN7inhX58smXoIoSEesIDDYuj5c5vhDynFvfDl+QTL6DrJzU0JOl/ngTnSkrQfHt71kkaEr3WFu3HHW/aa2mGQHbLP1f+6h6C1CNTYVyeLUftXq3jtgXd86bWNPLlblbwROxatsr1V8DAj//SgZVKheGPYcnCVVjiqzK1JNVrTkFT6jQ/TVyMBhoRddvLymvmSqpTFNHmpyoBs9YpTIPtO0c1ukJT85wc6AVG++Sn6WzUn6VZbmKdOtEESyfEFc6wg6i6IcFrWy1z9rdyuTcftvhdyLSjpcvuvUyZd6RIH0VCqD6JT6LVP3GbgvnwwtkiIlSNjwq4AW0TS/NLlNb7cf2cvoYgOYqed1Swn71mdht1uCwKkomh5WSviWQfjJzdTLHZxTGadc9Jd+Xf/XrI2zFKaDycXoFnVWEiKqflkGCsX8tzi4nHy8aTfzO9emjKl6gXJT4P6bHSn X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 2024-04-21 18:25, Zhike Wang via Cygwin wrote: > Any update/advice for this topic? Or should I raise a ticket to other Cygwin Mailing Lists? There are no tickets and no other lists - this is the list for Cygwin issues. > On April 18, 2024 20:29, Zhike Wang wrote: >> At the moment, I use python 3.9.16 under Cygwin environment while my >> company IT alert me there is a severity risk for python 3.9.16 which need >> be upgraded to Python version 3.11.5 or newer asap. >> I have tried to use Cygwin setup(setup-x86_64) to update the python version >> but it looks Cygwin only support python up to version 3.9.18 at the >> moment. >> So I would like to check with experts when the Cygwin can support Python >> 3.11.5 or newer version? >> Thank you very much. It appears that this is not how python is maintained, as all python modules and packages have to be rebuilt for each major version, so fixes are applied to each supported major version e.g 3.9! The web page below is more useful as it shows the current latest python release with all known core vulnerabilities fixed for each major version: https://maikuolan.github.io/Vulnerability-Charts/python.html for a few other packages see: https://maikuolan.github.io/Vulnerability-Charts/ https://github.com/Maikuolan/Vulnerability-Charts so 3.{8,9}.19+ should fix all currently known security issues with 3.{8,9}; other releases are required for newer versions. And 3.11.5 has issues, 3.11.9 is fixed: let your co IT know this! Please note also that some vulnerabilities are specific to only certain platforms and capabilities e.g. Linux: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42919 https://nvd.nist.gov/vuln/detail/CVE-2022-42919 -- Take care. Thanks, Brian Inglis Calgary, Alberta, Canada La perfection est atteinte Perfection is achieved non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut -- Antoine de Saint-Exupéry