cloudbase / cloudbase-init

Cross-platform instance initialization
http://openstack.org
Apache License 2.0

old python version with CVE 2022-1292 and CVE 2022-2068 #104

Open AndreasEichhorn opened 1 year ago

AndreasEichhorn commented 1 year ago

Cloudbase-Init contains very old VCruntime and Python versions. The Python version is 3.6, with CVE 2022-1292 and CVE 2022-2068. Is it safe to update to Python version 3.11? Can we get a new Cloudbase-Init package with new versions of VCruntime and Python?

ader1990 commented 1 year ago

Hello,

There is a PR in progress that addresses this issue here:

https://github.com/cloudbase/cloudbase-init-installer/pull/28

It should be merged soon, and the new version of Cloudbase-Init installer will come with Python 3.10.x.

Thank you, Adrian Vladu

ader1990 commented 1 year ago

Hello,

New nightly build installer was built using Python 3.10 - https://cloudbase.it/downloads/CloudbaseInitSetup_x64.msi .

Thank you, Adrian

AndreasEichhorn commented 1 year ago

The new build still includes libeay32.dll version 1.0.2o, which is affected by CVE 2022-2068. Python 3.10.7 should have the OpenSSL toolkit 1.1.1q in it.
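A small check for the situation described in this comment, written for this page and not part of Cloudbase-Init or its installer: it parses OpenSSL version strings (including the lettered 1.x patch releases such as 1.0.2o and 1.1.1q) and reports whether a given build is older than the first release that fixed each CVE. The 1.1.1q threshold for CVE 2022-2068 comes from the thread; the other fixed versions are taken from the OpenSSL advisories for the two CVEs.

```python
import re
import ssl

# First publicly supported OpenSSL releases carrying the fix, per branch
# (from the OpenSSL advisories; 1.1.1q for CVE-2022-2068 is cited in the thread).
FIXED_IN = {
    "CVE-2022-1292": ["1.1.1o", "3.0.3"],
    "CVE-2022-2068": ["1.1.1q", "3.0.5"],
}


def parse_openssl_version(text):
    """Return a sortable key for an OpenSSL version found in `text`.

    Accepts bare versions ("1.0.2o") and ssl.OPENSSL_VERSION banners
    ("OpenSSL 1.1.1q  5 Jul 2022"). Letter suffixes sort '' < 'a' < ... < 'z'
    < 'za' < 'zb', which matches the 1.0.2 extended-support naming.
    """
    m = re.search(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", text)
    if not m:
        raise ValueError(f"no OpenSSL version in {text!r}")
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    letters = m.group(4)
    return (major, minor, patch, (len(letters), letters))


def _branch(key):
    # 1.x fixes are lettered patches on an x.y.z branch; 3.x drops letters
    # and patches on an x.y branch, so branch identity differs by major.
    return key[:3] if key[0] < 3 else key[:2]


def is_affected(version_text, cve):
    """True if `version_text` is older than the fix for `cve` on its branch."""
    key = parse_openssl_version(version_text)
    for fixed in FIXED_IN[cve]:
        fkey = parse_openssl_version(fixed)
        if _branch(fkey) == _branch(key):
            return key < fkey
    # No public fix exists on this branch (e.g. the 1.0.2 line shipped as
    # libeay32.dll in the old MSI), so treat it as affected.
    return True


def check_running_python():
    """Map each CVE to whether the interpreter's linked OpenSSL is affected."""
    return {cve: is_affected(ssl.OPENSSL_VERSION, cve) for cve in FIXED_IN}
```

On Windows, libeay32.dll is the 1.0.2-era file name; a Python 3.10 build links libcrypto-1_1.dll instead, so the presence of libeay32.dll in the install directory is itself a sign of an old OpenSSL.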

ader1990 commented 1 year ago

Hello,

The fixes have been merged in both cloudbase-init and installer code, and the MSI is available already at: https://cloudbase.it/downloads/CloudbaseInitSetup_x64.msi

https://github.com/cloudbase/cloudbase-init-installer/pull/30

https://review.opendev.org/c/x/cloudbase-init/+/866810

Thank you, Adrian.

AndreasEichhorn commented 1 year ago

Hi Adrian,

The new version was successfully tested on Open Telekom Cloud. Many thanks. Will the stable version be updated as well?

Andreas