From: Ravneet S. <rav...@al...> - 2019-10-25 13:54:27
Hi Team

We are using Jython 2.5.3, and those Jython libraries contain Python files also. Now for any security vulnerability reported in Python 2.X, we had been referring to the solution from the python.org website and updating those code files in the Jython libraries. Now since Python 2.X is going End Of Life as mentioned by python.org from Jan 2020, we have a few questions here:

1. How can we get the security fixes for the security issues/CVEs reported in Python 2.X files which are also used in the Jython library?
2. And, will jython.org be providing the security fixes for the security issues/CVEs reported in Python 2.X?
3. And, when will the Jython 3 corresponding to Python 3.X be getting released? Is there any proposed date for the same?

Apart from this, any suggestion from your side for users of Jython 2.X, taking in view that Python 2 is going End of Life.

Thanks
Ravneet Singh

=====================================================
Please refer to https://northamerica.altran.com/email-disclaimer for important disclosures regarding this electronic communication.
=====================================================

From: Aditya R. <adi...@al...> - 2020-07-07 12:10:48
Hello Team,

We have a few queries related to Jython 2.x and, after the EOL of Python 2, what the impact on Jython 2.x was. I also checked that the current Jython release is 2.7.2.

In our tool, we are using Jython version 2.5.3. In a timely manner, some security vulnerabilities are also getting reported on Python, and then Python usually releases fixes for these vulnerabilities for its various streams (such as 2.7, 3.5, 3.6, etc.). To overcome these security issues in our Jython 2.5.3, we simply merge the code into our Jython files from the patched file released in the Python 2.7 stream. But after the EOL of Python 2.x, no official fix is being released for the Python 2.x stream. We are unable to handle those security vulnerabilities in Jython 2.5.3.

A few queries are:

* How do we handle/fix those reported vulnerabilities for Python 2 in the Jython 2.x libraries?
* For Jython users, will jython.org be providing a fix for the same vulnerabilities which will be reported in the Python 2 stream? Or is there any plan in future?
* Does Jython 2.x have resemblance with Python 2.x libraries only? Or is Python 3.x also supported in Jython 2.x? Currently the Jython version is 2.7.2 but Python has version 3.7.x. Can you please clarify whether any particular Jython version supports any specific Python version libraries?
* Is there any plan to release Jython 3.x libraries to incorporate or support Python 3.x in it?

We are currently blocked for a few security vulnerabilities implementation in Jython 2.5.3. Your suggestion is helpful here. Please respond.

Thanks
Aditya Raj

________________________________
From: Aditya Raj
Sent: Tuesday, July 7, 2020 4:49 PM
To: jyt...@li... <jyt...@li...>
Cc: Ravneet Singh <rav...@ar...>; Prashant Kumar <pra...@ar...>
Subject: Python 2 End of Support Impact on Jython 2

From: Jeff A. <ja...@fa...> - 2020-07-10 10:21:14
Hello Aditya.

2.5.3 is not supported. We recognise upgrading is a big step, and would be interested if there is something about 2.7.2 that deters you. In the run-up to 2.7.2 we upgraded a number of JARs in the interests of security.

We don't want to leave Jython 2.7.x unsupported until there's a viable successor. Work is going on (behind the scenes) towards a Jython 3 interpreter. Work on 2.7.3 detracts from progress on Jython 3, which we'd all rather see.

The libraries that come with Jython 2.7 are CPython 2.7 libraries with some replacements specific to Jython. We have not actively tracked the CPython version of the stdlib. (There are definitely bugs.) Updating yourself beyond what is supplied is entirely at your risk. You will realise this, and you must have a good understanding of the libraries, or it wouldn't be working for you at all.

You cannot (nor can we) just add libraries from CPython 3 to Jython 2.7.x, except in very limited cases. It takes a new compiler, changes to the object model, and a hundred other things: Jython 3.x in fact. I've sometimes taken snippets of code from the Python 3 stdlib, e.g. where the tests were more comprehensive. That's all.

We are thinking of Jython 3.8, which would come with CPython 3.8.x stdlib (where x is the latest available). Big job: foolish to offer a date.

HTH

Jeff Allen

On 07/07/2020 12:55, Aditya Raj wrote:
> Hello Team,
>
> We have a few queries related to Jython 2.x and, after the EOL of Python 2,
> what the impact on Jython 2.x was.
> I also checked that the current Jython release is 2.7.2.
>
> In our tool, we are using Jython version 2.5.3. In a timely manner, some
> security vulnerabilities are also getting reported on Python, and then
> Python usually releases fixes for these vulnerabilities for its various
> streams (such as 2.7, 3.5, 3.6, etc.).
> To overcome these security issues in our Jython 2.5.3, we simply
> merge the code into our Jython files from the patched file released in
> the Python 2.7 stream. But after the EOL of Python 2.x, no official fix is
> being released for the Python 2.x stream. We are unable to handle those
> security vulnerabilities in Jython 2.5.3.
>
> A few queries are:
>
> * How do we handle/fix those reported vulnerabilities for Python 2 in
>   the Jython 2.x libraries?
> * For Jython users, will jython.org be providing a fix for the
>   same vulnerabilities which will be reported in the Python 2 stream? Or
>   is there any plan in future?
> * Does Jython 2.x have resemblance with Python 2.x libraries only? Or is
>   Python 3.x also supported in Jython 2.x? Currently the Jython
>   version is 2.7.2 but Python has version 3.7.x. Can you please
>   clarify whether any particular Jython version supports any specific
>   Python version libraries?
> * Is there any plan to release Jython 3.x libraries to incorporate or
>   support Python 3.x in it?
>
> We are currently blocked for a few security vulnerabilities
> implementation in Jython 2.5.3.
> Your suggestion is helpful here. Please respond.
>
> Thanks
> Aditya Raj
>
> _______________________________________________
> Jython-dev mailing list
> Jyt...@li...
> https://lists.sourceforge.net/lists/listinfo/jython-dev

From: Adam B. <ada...@gm...> - 2019-10-26 08:49:39
Hi Ravneet

Firstly, did you realise the latest official release is 2.7.1? 2.7.2 beta should also be soon. 2.5.3 is quite old. 2.7.1 and 2.7.2 include a number of specifically security fixes, since that seems to be the main driver for yourselves.

I imagine at least some of the fixes you've been applying have already been applied to the current dev version. If you have made patches that haven't otherwise been picked up, it would be great if you could contribute them back, going through the usual review process, of course. That would also mean minimal merge effort to you when they were in the trunk.

On end of life. The informal consensus is that as there isn't a Jython 3.x yet, it would be unreasonable to make Jython 2.x EOL at the same date as CPython 2.x, and Jython 2.x will continue well into 2020. The core Jython devs and the PSF are trying to get a clearer statement on dates together that both can be fairly happy with.

Cheers
Adam

On Fri, 25 Oct 2019 at 23:55, Ravneet Singh <rav...@al...> wrote:
> Hi Team
>
> We are using Jython 2.5.3, and those Jython libraries contain Python
> files also. Now for any security vulnerability reported in Python 2.X, we
> had been referring to the solution from the python.org website and updating
> those code files in the Jython libraries. Now since Python 2.X is going End
> Of Life as mentioned by python.org from Jan 2020, we have a few
> questions here:
>
> 1. How can we get the security fixes for the security issues/CVEs
>    reported in Python 2.X files which are also used in the Jython library?
> 2. And, will jython.org be providing the security fixes for the
>    security issues/CVEs reported in Python 2.X?
> 3. And, when will the Jython 3 corresponding to Python 3.X be getting
>    released? Is there any proposed date for the same?
>
> Apart from this, any suggestion from your side for users of Jython 2.X,
> taking in view that Python 2 is going End of Life.
>
> Thanks
> Ravneet Singh