We’re currently using Python 3.9.9. CVE-2022-26488 was just flagged in this Python release, and the suggested remediation for us is to move to Python 3.10.3. Python 3.10.3 is currently planned for release on April 4th, but standard remediation timelines prescribe that this vulnerability be addressed by March 24th based on when it was initially discovered. So I’m trying to figure out my options…
Is there some other Python release that would contain this fix sooner than March 24th (e.g. 3.9.x)?
Can 3.10.3 be released sooner?
Other?
Thanks in advance for your help with figuring out a path here.
Grant
Releases were planned for March 14th, but due to an impending OpenSSL update scheduled for March 15th, the Python releases will be postponed long enough to include OpenSSL 1.1.1n in the Windows and macOS installers.