Blackduck reporting lzma.pyd as a xz utils component

As I understand lzma is a module that supports LZMA/XZ support, how to find the version of the lzma.py or lzma.pyd file.
Since Blackduck showing xz utils is without the version. if we want to upgrade how to upgrade lzma file alone.
attached the screenshot for the reference

attaching one more screenshot

You are checking for the xz comprised library?

What OS is this for?

If the lzma.pyd is dynamically linked to the xz/lzma library then for the xz security issue you would just check the lib version I assume.

The Windows build of CPython statically links liblzma into _lzma.pyd. liblzma is built from a copy of the xz source distribution stored in a cpython-controlled repository. The last several versions of Python have used xz version 5.2.5. We’re probably due for an update when there’s a commonly accepted clean new version :slight_smile:

Side note: Welcome :slight_smile: . When sharing text, it’s generally best to share it as text rather than as a screenshot. I think there’s supposed to be a pinned post giving some more detail on why exactly this is (and some other helpful stuff for getting along well in our community), but honestly I can’t find it. Hopefully someone else can share a link to it.

1 Like

Here it is:

Note that there is a default setting in Profile → Preferences → Interface:
“Automatically unpin topics when I reach the bottom.”

Also, you can view these pinned posts if you log out from the forum.

1 Like