Hi Folks,
Microsoft Defender is flagging all our servers that have NCPA 3.2.0 installed as vulnerable to a couple of CVEs discovered on Python 3.15.5.
I had a look on the changelog of 3.2.1 and it only mention about bug fixes - Nothing in relation to security.
I just need to confirm if there is any plans to patch that Python version on the next release? Since my company is very strictly regulated we need the information from the "vendor" to be able to risk accept it.
Thank you very much for your help on this,
Arthur.
Vulnerabilities on Python 3.13.5 used by NCPA 3.2.0
-
arthurkroth
- Posts: 13
- Joined: Mon Oct 14, 2024 9:54 am
Re: Vulnerabilities on Python 3.13.5 used by NCPA 3.2.0
Hello arthurkroth,
The NCPA 3.2.1 patch will not contain the security update you're asking for, but I will make sure that 3.2.2 does. This version should release sometime in December if nothing throws off our pace.
The NCPA 3.2.1 patch will not contain the security update you're asking for, but I will make sure that 3.2.2 does. This version should release sometime in December if nothing throws off our pace.
Actively advancing awesome answers with ardent alliteration, aptly addressing all ambiguities. Amplify your acumen and avail our amicable assistance. Eagerly awaiting your astute assessments of our advice.
-
arthurkroth
- Posts: 13
- Joined: Mon Oct 14, 2024 9:54 am
Re: Vulnerabilities on Python 3.13.5 used by NCPA 3.2.0
Hi bbanh,
Thanks for that
Thanks for that