setup-python icon indicating copy to clipboard operation
setup-python copied to clipboard
verified publisher icon actions

Missing Windows Installers for Python 3.9.x Versions Post-3.9.13

Open sirkiza opened this issue 1 year ago • 2 comments

Issue

No Windows installers have been released for Python versions 3.9.14 through 3.9.19, although they are available for Linux. The latest available Windows version, 3.9.13, is outdated and vulnerable.

Vulnerability

A vulnerability in urllib.parse allows attackers to bypass blocklisting methods by using URLs with leading blank characters.

Affected Versions:

Python versions prior to 3.7.17 3.8.0 to 3.8.17 (excluding) 3.9.0 to 3.9.17 (excluding) 3.10.0 to 3.10.12 (excluding) 3.11.0 to 3.11.4 (excluding)

Request

Please release updated Windows installers for Python 3.9.x versions to address these security issues.

Impact

Windows users are stuck with version 3.9.13, which contains known vulnerabilities.

sirkiza avatar Aug 16 '24 08:08 sirkiza

Hello @sirkiza 👋, Thank you for your report. We'll take a look at this issue and get back to you.

priyagupta108 avatar Aug 16 '24 14:08 priyagupta108

Hello @sirkiza, Python version 3.9 is in the stage of the lifecycle phase where we could expect only source-only security fix release for python version 3.9.14 - 3.9.19, hence we could see python releases only for linux and not for windows in the artifacts. The vulnerability for urllib.parse() has been addressed in python version 3.10 security section. Please check this url for the reference: https://docs.python.org/release/3.10.0/whatsnew/changelog.html#python-3-10-0-beta-1 You can try by upgrading the python version to 3.10 to overcome the vulnerability.

suyashgaonkar avatar Sep 16 '24 04:09 suyashgaonkar

Hi @sirkiza, We are awaiting for your response on the issue. Please let us know if we can close this issue if there are no further queries.

suyashgaonkar avatar Oct 03 '24 09:10 suyashgaonkar

Hey! I updated the python version for the newer major version. But I am still confused why don't you release new minor versions for Windows while python 3.9 is still supported.

sirkiza avatar Oct 03 '24 22:10 sirkiza

@sirkiza Binary installers are not available for Windows for these versions. You can go to https://www.python.org/downloads/windows and see the releases that have binary installers.

danyeaw avatar Oct 11 '24 01:10 danyeaw

Hello @sirkiza,New Python 3.9 artifacts cannot be created at this stage because Windows binaries for version 3.9 are not available. This is due to the lack of released Windows installers for Python versions 3.9.14 through 3.9.19, despite their availability for Linux. The latest available Windows version, 3.9.13. More details can be found at the following URL: Python 3.9.18 Release.

We are proceeding to close this issue as there is no action from setup-python.

aparnajyothi-y avatar Oct 11 '24 14:10 aparnajyothi-y