Python version in NCPA 3.1.0 alert CVE-2024-0397
BlYuzucorp opened this issue · 4 comments
A defect was discovered in the Python “ssl” module where there is a memoryrace condition with the ssl.SSLContext methods “cert_store_stats()” and“get_ca_certs()”. The race condition can be triggered if the methods arecalled at the same time as certificates are loaded into the SSLContext,such as during the TLS handshake with a certificate directory configured.This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.
It will be great to update the python version for Windows client.
I've updated the build's Python version on Windows to 3.12.5, but the Linux/Mac builds are stuck on 3.11.8 for now.
Good news for Windows. How you can release this version only for windows ?
The Windows, Linux and Mac builds are all different build processes. Each of them use cx_Freeze to bundle NCPA, but due to the platform differences, there are various things that must be done differently to build on each of them. Because of this, we are able to push ahead on some platforms, but are also sometimes held back on other platforms. We will update the Linux build as soon as it is compatible with Python 3.12/cx_Freeze 7.
Ok, do you plan to release windows version soon ?