Hi Everyone,
You're probably already aware, but the current version of NCPA contains a version of python which is affected by some recently published CVEs.
More details here.
https://github.com/NagiosEnterprises/ncpa/issues/1341
Hopefully we get a new version asap.
Thanks,
Peter.
NCPA Python vulnerabilities
Re: NCPA Python vulnerabilities
Hi @proddan,
Thanks for bringing this to our attention.
NCPA 3.2.3 which was released last week, shipped with the latest version of python3.13 that is currently available 3.13.11. It is also not immediately clear if updating to 3.14.2 or 3.15.0 (pre-release) would fix the vulnerabilities as the affected python versions in the CVE's are unspecified.
It's going to be at least a month before the next NCPA release. In the meantime, you can always download the source code for NCPA and build your own binaries with whatever version of python you like.
Thanks for bringing this to our attention.
NCPA 3.2.3 which was released last week, shipped with the latest version of python3.13 that is currently available 3.13.11. It is also not immediately clear if updating to 3.14.2 or 3.15.0 (pre-release) would fix the vulnerabilities as the affected python versions in the CVE's are unspecified.
It's going to be at least a month before the next NCPA release. In the meantime, you can always download the source code for NCPA and build your own binaries with whatever version of python you like.
Cheers,
- Cole
- Cole