June 2024 Release Notes - Python 2.7 Extended Support
ActivePython Enterprise Versions with Fix: 2.7.18.9
This is both a feature change release and a content release. At this release, the new back end regains support for projects that contain OS X 11 builds. Tkinter/Tcl support has been restored for Windows.
Known issues
(Specific to 2.7.18.9) Scipy support removed from all platforms for this release.
(Not version specific) ActivePython ships with dormant pip/setuptools by default. These can be replaced post-installation using python -m ensurepip, but if a specific pip or setuptools version is desired, it should be added to the configuration.
Python Core CVEs
Language Core: Python Core (CPython)
Versions Impacted: Python versions 2.7.18.8 and prior
Severity: High
URL: CVE-2022-45061
Language Core: Python Core (CPython)
Versions Impacted: Python versions 2.7.18.8 and prior
Severity: High
URL: CVE-2022-48560
Language Core: Python Core (CPython)
Versions Impacted: Python versions 2.7.18.8 and prior
Severity: Medium
URL: CVE-2017-18207
Language Core: Python Core (CPython)
Versions Impacted: Python versions 2.7.18.8 and prior
Severity: Medium
URL: CVE-2022-48566
Updated Python Package CVEs
No changes
Updated Libraries CVEs
No changes
May 2024 Release
ActivePython Enterprise Versions with Fix: 2.7.18.8
This is both a feature change release needed to migrate the Python2 builders to a new back end, and a content release. At this release, the new back end supports projects that contain Linux builds for Glibc 2.17 and/or 2.28, and adds support for Windows 64 bit. Other platforms remain at the 2.7.18.6 release.
Known issues
Windows builds have Tkinter/Tcl support removed for this release.
Python Core CVEs
Language Core: Python Core (CPython)
Versions Impacted: Python versions 2.7.18.7 and prior
Severity: Critical
URL: CVE-2022-48565
Language Core: Python Core (CPython)
Versions Impacted: Python versions 2.7.18.7 and prior
Severity: High
URL: CVE-2023-24329
Language Core: Python Core (CPython)
Versions Impacted: Python versions 2.7.18.7 and prior
Severity: Medium
URL: CVE-2023-40217
Updated Python Package CVEs
Package: pillow
Versions Impacted: 6.2.2.5
Severity: Critical
URL: CVE-2022-22817
Package: pillow
Versions Impacted: 6.2.2.5
Severity: Critical
URL: CVE-2022-24303
Package: gevent
Versions Impacted: 1.3.2.post0
Severity: Critical
URL: CVE-2023-41419
Package: cryptography
Versions Impacted: 3.3.2
Severity: High
URL: CVE-2023-49083
Package: mako
Versions Impacted: 1.1.6
Severity: High
URL: CVE-2022-40023
Package: pillow
Versions Impacted: 6.2.2.5
Severity: High
URL: CVE-2020-10379
Package: twisted
Versions Impacted: 20.3.0.1
Severity: High
URL: CVE-2022-21712
Package: twisted
Versions Impacted: 20.3.0.1
Severity: High
URL: CVE-2022-24801
Package: cryptography
Versions Impacted: 3.3.2
Severity: Medium
URL: CVE-2023-23931
Package: pillow
Versions Impacted: 6.2.2.5
Severity: Medium
URL: CVE-2020-10177
Package: pillow
Versions Impacted: 6.2.2.5
Severity: Medium
URL: CVE-2020-10378
Package: pillow
Versions Impacted: 6.2.2.5
Severity: Medium
URL: CVE-2020-10994
Package: pillow
Versions Impacted: 6.2.2.5
Severity: Medium
URL: CVE-2020-35655
Package: pillow
Versions Impacted: 6.2.2.5
Severity: Medium
URL: CVE-2021-25292
Package: pillow
Versions Impacted: 6.2.2.5
Severity: Medium
URL: CVE-2021-28678
Package: pygments
Versions Impacted: 2.5.2.1
Severity: Medium
URL: CVE-2022-40896
Package: tornado
Versions Impacted: 5.1.1
Severity: Medium
URL: CVE-2023-28370
Package: twisted
Versions Impacted: 20.3.0.1
Severity: Medium
URL: CVE-2022-39348
Updated Libraries CVEs
Package: zlib
Versions Impacted: 1.2.12.1
Severity: Critical
URL: CVE-2023-45853
Package: expat
Versions Impacted: 2.5.0
Severity: High
URL: CVE-2023-52425
Package: libxml2
Versions Impacted: 2.9.10
Severity: High
URL: CVE-2020-7595
Package: libxml2
Versions Impacted: 2.9.10
Severity: High
URL: CVE-2021-3517
Package: libxml2
Versions Impacted: 2.9.10
Severity: High
URL: CVE-2021-3518
Package: libxml2
Versions Impacted: 2.9.10
Severity: High
URL: CVE-2019-20388
Package: libxml2
Versions Impacted: 2.9.10
Severity: High
URL: CVE-2022-23308
Package: libxml2
Versions Impacted: 2.9.10
Severity: High
URL: CVE-2022-40303
Package: libxml2
Versions Impacted: 2.9.10
Severity: High
URL: CVE-2022-40304
Package: libxslt
Versions Impacted: 1.1.34
Severity: High
URL: CVE-2021-30560
Package: expat
Versions Impacted: 2.5.0
Severity: Medium
URL: CVE-2023-52426
Package: libxml2
Versions Impacted: 2.11.5
Severity: Medium
URL: CVE-2023-45322
Package: libxml2
Versions Impacted: 2.9.10
Severity: Medium
URL: CVE-2016-3709
Package: libxml2
Versions Impacted: 2.9.10
Severity: Medium
URL: CVE-2021-3537
Package: libxml2
Versions Impacted: 2.9.10
Severity: Medium
URL: CVE-2021-3541
Package: libxml2
Versions Impacted: 2.9.10
Severity: Medium
URL: CVE-2020-24977
Package: libxml2
Versions Impacted: 2.9.10
Severity: Medium
URL: CVE-2022-29824
Package: libxml2
Versions Impacted: 2.9.10
Severity: Medium
URL: CVE-2023-28484
Package: libxml2
Versions Impacted: 2.9.10
Severity: Medium
URL: CVE-2023-29469
Package: libxslt
Versions Impacted: 1.1.34
Severity: Medium
URL: CVE-2022-29824
December 2023 Release
ActivePython Enterprise Versions with Fix: 2.7.18.7
This is a feature change release needed to migrate the Python2 builders to a new back end. At this release, the new back end supports projects that contain only Linux builds for Glibc 2.17 and/or 2.28. Projects that include other platforms will remain on the previous release.
Python Core CVEs
Language Core: Python Core (CPython)
Versions Impacted: Python versions 2.7.18.6 and prior
Severity: High
URL: CVE-2022-0391
Updated Python Package CVEs
No Changes
November 2023 Release
ActivePython Enterprise Versions with Fix: 2.7.18.6
Python Core CVEs
No Changes
Updated Python Package CVEs
No Changes
October 2023 Release
ActivePython Enterprise Versions with Fix: 2.7.18.6
Python Core CVEs
No Changes
Updated Python Package CVEs
Package: urllib3
Versions Impacted: 1.26.15
Severity: High
URL: CVE-2023-43804
Package: OpenSSL
Versions Impacted: 1.1.1.22
Severity: High
URL: CVE-2023-4807
Package: wheel
Versions Impacted: 0.33.4
Severity: High
URL: CVE-2022-40898
Package: urllib3
Versions Impacted: 1.26.15
Severity: Medium
URL: CVE-2023-45803
Package: requests
Versions Impacted: 2.26.0
Severity: ?
URL: unreported
September 2023 Release
ActivePython Enterprise Versions with Fix: 2.7.18.6
Python Core CVEs
No Changes
Updated Python Package CVEs
Package: certifi
Versions Impacted: 2021.10.8
Severity: Critical
URL: CVE-2023-37920
Package: certifi
Versions Impacted: 2021.10.8
Severity: High
URL: CVE-2022-23491
Package: lxml
Versions Impacted: 4.6.3
Severity: High
URL: CVE-2022-2309
Package: lxml
Versions Impacted: 4.6.3
Severity: High
URL: CVE-2021-43818
Package: pygments
Versions Impacted: 2.5.2
Severity: High
URL: CVE-2021-20270
Package: pyjwt
Versions Impacted: 1.7.1
Severity: High
URL: CVE-2022-29217
Package: OpenSSL
Versions Impacted: 1.11.0.21
Severity: Medium
URL: CVE-2023-3817
June 2023 Release
ActivePython Enterprise Versions with Fix: 2.7.18.6
Python Core CVEs
No Changes
Updated Python Package CVEs
Package: pillow
Versions Impacted: 6.2.2.1
Severity: High
URL: CVE-2020-10379
Package: pillow
Versions Impacted: 6.2.2.1
Severity: High
URL: CVE-2020-35653
Package: pillow
Versions Impacted: 6.2.2.1
Severity: High
URL: CVE-2021-27923
Package: pillow
Versions Impacted: 6.2.2.1
Severity: High
URL: CVE-2021-27922
Package: pillow
Versions Impacted: 6.2.2.1
Severity: High
URL: CVE-2021-27921
Package: pillow
Versions Impacted: 6.2.2.1
Severity: High
URL: CVE-2021-25290
Package: pillow
Versions Impacted: 6.2.2.1
Severity: High
URL: CVE-2021-25291
Package: pillow
Versions Impacted: 6.2.2.1
Severity: High
URL: CVE-2021-25293
Package: pillow
Versions Impacted: 6.2.2.1
Severity: High
URL: CVE-2021-28676
Package: pillow
Versions Impacted: 6.2.2.1
Severity: High
URL: CVE-2021-28677
Package: pillow
Versions Impacted: 6.2.2.1
Severity: High
URL: CVE-2021-23437
Package: pillow
Versions Impacted: 6.2.2.1
Severity: High
URL: CVE-2022-45198
Package: pillow
Versions Impacted: 6.2.2.1
Severity: High
URL: CVE-2022-45199
Package: OpenSSL
Versions Impacted: 1.1.1t and older
Severity: High
URL: CVE-2023-0464
Package: OpenSSL
Versions Impacted: 1.1.1t and older
Severity: High
URL: CVE-2023-2650
Package: pillow
Versions Impacted: 6.2.2.3
Severity: Medium
URL: CVE-2020-10994
Package: pillow
Versions Impacted: 6.2.2.3
Severity: Medium
URL: CVE-2020-10378
Package: pillow
Versions Impacted: 6.2.2.3
Severity: Medium
URL: CVE-2020-10177
Package: pillow
Versions Impacted: 6.2.2.3
Severity: Medium
URL: CVE-2020-35655
Package: pillow
Versions Impacted: 6.2.2.3
Severity: Medium
URL: CVE-2021-25292
Package: pillow
Versions Impacted: 6.2.2.3
Severity: Medium
URL: CVE-2021-28678
Package: pillow
Versions Impacted: 6.2.2.3
Severity: Medium
URL: CVE-2021-28675
Package: pillow
Versions Impacted: 6.2.2.3
Severity: Medium
URL: CVE-2022-22816
Package: pillow
Versions Impacted: 6.2.2.3
Severity: Medium
URL: CVE-2022-22815
Package: OpenSSL
Versions Impacted: 1.1.1t and older
Severity: Medium
URL: CVE-2023-0466
Package: OpenSSL
Versions Impacted: 1.1.1t and older
Severity: Medium
URL: CVE-2023-0465
March 2023 Release
ActivePython Enterprise Versions with Fix: 2.7.18.6
Python Core CVEs
Language Core: Python Core (CPython)
Versions Impacted: Python versions 2.7.18.5 and prior
Severity: High
URL: CVE-2015-5652
Language Core: Python Core (CPython)
Versions Impacted: Python versions 2.7.18.5 and prior
Severity: High
URL: CVE-2017-17522
Language Core: Python Core (CPython)
Versions Impacted: Python versions 2.7.18.5 and prior
Severity: High
URL: CVE-2020-10735
Updated Python Package CVEs
Package: pillow
Versions Impacted: 6.2.2.1
Severity: Critical
URL: CVE-2021-25287
Package: pillow
Versions Impacted: 6.2.2.1
Severity: Critical
URL: CVE-2021-25288
Package: pillow
Versions Impacted: 6.2.2.1
Severity: Critical
URL: CVE-2021-34552
Package: pillow
Versions Impacted: 6.2.2.1
Severity: Critical
URL: CVE-2022-22817
Package: pillow
Versions Impacted: 6.2.2.1
Severity: Critical
URL: CVE-2022-24303
Package: pillow
Versions Impacted: 6.2.2.1
Severity: High
URL: CVE-2020-35653
Package: pillow
Versions Impacted: 6.2.2.1
Severity: High
URL: CVE-2021-27923
Package: pillow
Versions Impacted: 6.2.2.1
Severity: High
URL: CVE-2021-27922
Package: pillow
Versions Impacted: 6.2.2.1
Severity: High
URL: CVE-2021-27921
Package: pillow
Versions Impacted: 6.2.2.1
Severity: High
URL: CVE-2021-25290
Package: pillow
Versions Impacted: 6.2.2.1
Severity: High
URL: CVE-2021-25291
Package: pillow
Versions Impacted: 6.2.2.1
Severity: High
URL: CVE-2021-25293
Package: pillow
Versions Impacted: 6.2.2.1
Severity: High
URL: CVE-2021-28676
Package: pillow
Versions Impacted: 6.2.2.1
Severity: High
URL: CVE-2021-28677
Package: pillow
Versions Impacted: 6.2.2.1
Severity: High
URL: CVE-2021-23437
Package: pillow
Versions Impacted: 6.2.2.1
Severity: High
URL: CVE-2022-45198
Package: pillow
Versions Impacted: 6.2.2.1
Severity: High
URL: CVE-2022-45199
Package: OpenSSL
Versions Impacted: 1.1.1s and older
Severity: High
URL: CVE-2022-4450
Package: OpenSSL
Versions Impacted: 1.1.1s and older
Severity: High
URL: CVE-2023-0286
Package: OpenSSL
Versions Impacted: 1.1.1s and older
Severity: High
URL: CVE-2023-0215
Package: pillow
Versions Impacted: 6.2.2.1
Severity: Medium
URL: CVE-2020-35655
Package: pillow
Versions Impacted: 6.2.2.1
Severity: Medium
URL: CVE-2021-25292
Package: pillow
Versions Impacted: 6.2.2.1
Severity: Medium
URL: CVE-2021-28678
Package: pillow
Versions Impacted: 6.2.2.1
Severity: Medium
URL: CVE-2021-28675
Package: pillow
Versions Impacted: 6.2.2.1
Severity: Medium
URL: CVE-2022-22816
Package: pillow
Versions Impacted: 6.2.2.1
Severity: Medium
URL: CVE-2022-22815
Package: OpenSSL
Versions Impacted: 1.1.1s and older
Severity: Medium
URL: CVE-2022-4304
December 2022 Release
ActivePython Enterprise Versions with Fix: 2.7.18.5
Python Core CVEs
No Changes
Updated Python Package CVEs
Package: expat
Versions Impacted: 2.4.7
Severity: Critical
URL: CVE-2022-40674
Package: zlib
Versions Impacted: 1.2.12
Severity: Critical
URL: CVE-2022-37434
Package: expat
Versions Impacted: 2.4.7
Severity: High
URL: CVE-2022-43680
Other changes in build
OpenSSL upgraded to 1.1.1s
September 2022 Release
ActivePython Enterprise Versions with Fix: 2.7.18.5
Python Core CVEs
Language Core: Python Core (CPython)
Versions Impacted: Python versions 2.7.18.1, .2, .3, .4
Severity: High
URL: CVE-2022-0391
Updated Python Package CVEs
Package: expat
Versions Impacted: 2.2.9
Severity: Critical
URL: CVE-2022-22822
Package: expat
Versions Impacted: 2.2.9
Severity: Critical
URL: CVE-2022-22823
Package: expat
Versions Impacted: 2.2.9
Severity: Critical
URL: CVE-2022-22824
Package: expat
Versions Impacted: 2.2.9
Severity: Critical
URL: CVE-2022-23852
Package: expat
Versions Impacted: 2.2.9
Severity: Critical
URL: CVE-2022-23990
Package: expat
Versions Impacted: 2.2.9
Severity: Critical
URL: CVE-2022-25235
Package: expat
Versions Impacted: 2.2.9
Severity: Critical
URL: CVE-2022-25236
Package: expat
Versions Impacted: 2.2.9
Severity: Critical
URL: CVE-2022-25315
Package: OpenSSL 1.11.0.15
Versions Impacted: 1.1.1.o
Severity: Critical
URL: CVE-2022-2068
Package: expat
Versions Impacted: 2.2.9
Severity: High
URL: CVE-2021-45960
Package: expat
Versions Impacted: 2.2.9
Severity: High
URL: CVE-2021-46143
Package: expat
Versions Impacted: 2.2.9
Severity: High
URL: CVE-2022-22825
Package: expat
Versions Impacted: 2.2.9
Severity: High
URL: CVE-2022-22826
Package: expat
Versions Impacted: 2.2.9
Severity: High
URL: CVE-2022-22827
Package: expat
Versions Impacted: 2.2.9
Severity: High
URL: CVE-2022-25314
Package: OpenSSL
Versions Impacted: 1.1.1.o
Severity: High
URL: CVE-2022-2097
Package: expat
Versions Impacted: 2.2.9
Severity: Medium
URL: CVE-2022-25313
Package: expat
Versions Impacted: 2.2.9
Severity: Unscored
URL: CVE-2013-0340
June 2022 Release
ActivePython Enterprise Versions with Fix: 2.7.18.4
Python Core CVEs
No changes
Updated Python Packages CVEs
Package: OpenSSL
Versions Impacted: 1.1.1.m
Severity: Critical
URL: CVE-2022-1292
Package: OpenSSL
Versions Impacted: 1.1.1.m
Severity: High
URL: CVE-2022-0778
Other changes in build
February 2022 Release
ActivePython Enterprise Versions with Fix: 2.7.18.4
Python Core CVEs
No changes
Updated Python Packages CVEs
Package: OpenSSL
Versions Impacted: 1.1.1.l
Severity: Medium
URL: CVE-2021-4160
Other changes in build
- Enterprise label added
- more-itertools pinned to 5.0.0
- pip pinned to 20.3.4
- platformdirs set to capped value <2.1
- attrs pinned to 21.2.0
- cryptography pinned to 3.3.2
- flake8 pinned to 3.9.2
- importlib-metadata pinned to 2.1.1
- requests pinned to 2.26.0
- Virtualenv pinned to 20.8.1
November 2021 Release
ActivePython Enterprise Versions with Fix: 2.7.18.4
Python Core CVEs
No changes
Updated Python Packages CVEs
Package: OpenSSL
Versions Impacted: 1.1.1.k
Severity: Critical
URL: https://nvd.nist.gov/vuln/detail/CVE-2021-3711
Package: Pillow
Versions Impacted: 6.2.2
Severity: Critical
URL: https://nvd.nist.gov/vuln/detail/CVE-2021-25289
Package: OpenSSL
Versions Impacted: 1.1.1k
Severity: High
URL: https://nvd.nist.gov/vuln/detail/CVE-2021-3712
Package: Pillow
Versions Impacted: 6.2.2
Severity: High
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-11538
Package: Pillow
Versions Impacted: 6.2.2
Severity: High
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-35654
Package: requests
Versions Impacted: 2.1.0
Severity: High
URL: https://nvd.nist.gov/vuln/detail/CVE-2018-18074
Package: ElasticSearch
Versions Impacted: 7.11.0
Severity: Medium (6)
URL: https://nvd.nist.gov/vuln/detail/CVE-2021-22134
Package: ElasticSearch
Versions Impacted: 7.11.0
Severity: Medium (6)
URL: https://nvd.nist.gov/vuln/detail/CVE-2021-22135
Package: ElasticSearch
Versions Impacted: 7.11.0
Severity: Medium (6)
URL: https://nvd.nist.gov/vuln/detail/CVE-2021-22137
Package: ElasticSearch
Versions Impacted: 7.11.0
Severity: Medium (6)
URL: https://nvd.nist.gov/vuln/detail/CVE-2021-22144
Package: ElasticSearch
Versions Impacted: 7.11.0
Severity: Medium (6)
URL: https://nvd.nist.gov/vuln/detail/CVE-2021-22145
Package: ElasticSearch
Versions Impacted: 7.11.0
Severity: Medium (6)
URL: https://nvd.nist.gov/vuln/detail/CVE-2021-22147
Other changes in build
- cycler 0.10.0 added
- kiwisolver 1.1.0 added
- matplotlib 2.2.5 added
- matplotlib-set-lib 2.2.5 added
- setuptools-scm[toml] 5.0.2 added
Updated with Auto
- chardet 3.0.4 downgrade
- psutil 5.3.1 downgrade
- adodbapi 2.6.2.0 update
- bleach 3.3.1 update
- boto3 1.17.108 update
- botocore 1.20.111 update
- certifi 2020.12.5 update
- cffi 1.14.6 update
- cython 0.29.24 update
- docutils 0.18 update
- elasticsearch 7.15.1 update
- eventlet 0.31.1 update
- filelock 3.2.1 update
- gevent 1.3.2.post0 update
- greenlet 1.1.2 update
- html5lib 1.1 update
- httplib2 0.20.2 update
- jsonpointer 2.2 update
- mako 1.1.5 update
- openssl 1.11.0.12 update
- pathlib2 2.3.6 update
- pillow 6.2.2.1 update
- pkginfo 1.7.1 update
- py 1.11.0 update
- pycryptodome 3.11.0 update
- pyrsistent 0.16.1 update
- pytest 4.6.11 update
- pytest-xdist 1.34.0 update
- python-dateutil 2.8.2 update
- pytz 2021.3 update
- requests 2.25.0 update
- s3transfer 0.4.2 update
- singledispatch 3.7.0 update
- soupsieve 1.9.6 update
- tox 3.24.4 update
- tqdm 4.62.0 update
- urllib3 1.26.7 update
- wcwidth 0.2.4 update
- win_iconv update
- zipp 1.2.0 update
June 2021 Release
ActivePython Enterprise Versions with Fix: 2.7.18.4
Python Core CVEs
No changes
Updated Python Packages CVEs
Package: eventlet
Versions Impacted: Versions before 0.31.0
Severity: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2021-21419
Package: lxml
Versions Impacted: Versions before 4.6.3
Severity: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2021-28957
Non-Updated Python Packages with known CVEs
Legend - Number present at each severity (C)ritical, (H)igh, (M)edium
- Python 2.7.18.4 2x "Disputed" or "Unscored".
- libxml2 4xH 1xM Updates are incompatible.
- freetype2 1xM Cannot be upgraded without upgrading Pillow.
- pandas 1xC "Disputed" and no update for 2.7 available.
- pillow 1xC 10xH 5xM No update for 2.7 available.
- pygments 2xH No update for 2.7 available.
- redis 3xH 1xM No update available.
- requests 1xH No update for 2.7 is available.
- elasticsearch 3xM No update available.
- tornado 1xM No update for 2.7 available.
Other changes in build
- numpy pinned to 1.16.6
- boto3 pinned to 1.17.42
Updated with Auto
- attrs to 21.2.0
- babel to 2.9.1
- flask to 1.1.4
- pycodestyle down to 2.3.1
- pyflakes down to 1.6.0
- pytest-cov to 2.12.0
- six to 1.16.0
- tox to 3.23.1
- tqdm to 4.61.0
- urllib3 to 1.26.5
- virtualenv to 20.4.7
Updated Dependencies
- apipkg removed
- distlib to 0.3.2
- execnet to 1.9.0
- greenlet to 1.1.0
- importlib-resources to 3.3.1
- singledispatch to 3.6.2
- sortedcontainers to 2.4.0
April 2021 Release
ActivePython Enterprise Versions with Fix: 2.7.18.4
Python Core CVEs
Language Core: Python Core (CPython)
Versions Impacted: Python versions 2.7.18.1, .2, & .3
Severity: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2021-23336
Python Packages CVEs
Package: OpenSSL
Versions Impacted: Versions before 1.2
Severity: High
URL: https://nvd.nist.gov/vuln/detail/CVE-2021-23840
Package: OpenSSL
Versions Impacted: Versions before 1.2.21.2
Severity: High
URL: https://nvd.nist.gov/vuln/detail/CVE-2018-0732
Package: OpenSSL
Versions Impacted: Versions before 1.2.21.2
Severity: High
URL: https://nvd.nist.gov/vuln/detail/CVE-2021-23840
Package: OpenSSL
Versions Impacted: Versions before 1.2
Severity: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-1971
Package: OpenSSL
Versions Impacted: Versions before 1.2
Severity: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2021-23841
Package: OpenSSL
Versions Impacted: Versions before 1.2
Severity: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2021-3449
Package: OpenSSL
Versions Impacted: Versions before 1.2.21.2
Severity: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2019-1547
Package: OpenSSL
Versions Impacted: Versions before 1.2.21.2
Severity: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2019-1551
Package: OpenSSL
Versions Impacted: Versions before 1.2.21.2
Severity: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-1971
Package: OpenSSL
Versions Impacted: Versions before 1.2.21.2
Severity: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2021-23841
Package: OpenSSL
Versions Impacted: Versions before 1.2.21.2
Severity: Low
URL: https://nvd.nist.gov/vuln/detail/CVE-2019-1552
Package: OpenSSL
Versions Impacted: Versions before 1.2.21.2
Severity: Low
URL: https://nvd.nist.gov/vuln/detail/CVE-2019-1563
Package: OpenSSL
Versions Impacted: Versions before 1.2.21.2
Severity: Low
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-1968
Package: OpenSSL
Versions Impacted: Versions before 1.2.21.2
Severity: Low
URL: https://nvd.nist.gov/vuln/detail/CVE-2021-23839
February 2021 Release
ActivePython Enterprise Versions with Fix: 2.7.18.3
Python Core CVEs
Language Core: Python Core (CPython)
Versions Impacted: Python versions 2.7.18.2 & 3
Severity: Critical
URL: https://nvd.nist.gov/vuln/detail/CVE-2021-3177
NOTE: Please see separate CVE notification attached.
Python Packages CVEs
Package: bzip2
Versions Impacted: Versions before 1.0.7
Severity: Critical
URL: https://nvd.nist.gov/vuln/detail/CVE-2019-12900
Package: cryptography
Versions Impacted: In the cryptography package before 3.3.2
Severity: Critical
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-36242
Package: PyYAML
Versions Impacted: PyYAML library in versions before 5.4
Severity: Critical
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-14343
Package: elasticsearch
Versions Impacted: Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2
Severity: High
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-7009
Package: httplib2
Versions Impacted: In httplib2 before version 0.19.0
Severity: High
URL: https://nvd.nist.gov/vuln/detail/CVE-2021-21240
Package: lxml
Versions Impacted: Versions from 1.2 up to 4.6.2
Severity: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-27783
Package: httplib2
Versions Impacted: In httplib2 before version 0.18.0
Severity: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-11078
Package: jinja2
Versions Impacted: package jinja2 from 0.0.0 and before 2.11.3
Severity: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-28493
Package: bleach
Versions Impacted: Bleach versions before 3.1.4.
Severity: Medium
CVE details: CVE-2020-6817
Package: openssl
Versions Impacted: All OpenSSL 1.1.1 and 1.0.2 versions
Severity: Medium
CVE details: CVE-2020-1971
November 2020 Release
ActivePython Enterprise Versions with Fix: 2.7.18.2
Python Core CVEs
Language Core: Python core (CPython)
Versions Impacted: 2.7.18.1
Severity: Critical
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-27619
Package: Python core (CPython)
Versions Impacted: 2.7.18.1
Severity: High
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-26116
Package: Python core (CPython)
Versions Impacted: 2.7.18.1
Severity: High
URL: https://nvd.nist.gov/vuln/detail/CVE-2019-20907
Python Packages CVEs
Package: libxslt
Versions Impacted: Versions before 1.1.34
ActivePython Enterprise Versions with Fix: 1.1.34
Severity: Critical
URL: https://nvd.nist.gov/vuln/detail/CVE-2019-11068
Package: urllib3
Versions Impacted: Versions before 1.25.8
ActivePython Enterprise Versions with Fix: 1.25.8 or higher
Severity: High
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-7212
Package: pySAML
Versions Impacted: Versions before 5.0.0
ActivePython Enterprise Versions with Fix: 5.0.0
Severity: High
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-5390
Package: urllib3
Versions Impacted: Versions before 1.25.9
ActivePython Enterprise Versions with Fix: 1.25.9 or higher
Severity: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-26137
Package: Twisted
Versions Impacted: Versions before 19.2.1
ActivePython Enterprise Versions with Fix: 19.2.1 or higher
Severity: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2019-12387
August 2020 Release
ActivePython Enterprise Versions with Fix: 2.7.18.1
Python Core CVEs
Language Core: Python core (CPython)
Versions Impacted: 2.7.18
Severity: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-8492
Python Packages CVEs
Package: Pillow
Versions Impacted: In Pillow before 6.2.2
ActivePython Enterprise Versions with Fix: 6.2.2 or higher
Severity: Critical
URLs:
- https://nvd.nist.gov/vuln/detail/CVE-2020-5311
- https://nvd.nist.gov/vuln/detail/CVE-2020-5310
- https://nvd.nist.gov/vuln/detail/CVE-2020-5312
- https://nvd.nist.gov/vuln/detail/CVE-2020-5313
Package: Python core dependency (SQLite)
Versions Impacted: All versions prior to 3.31.1
Severity: High
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-11655
Package: Bleach
Versions Impacted: In Mozilla Bleach before 3.1.2
ActivePython Enterprise Versions with Fix: 3.1.2 or higher
Severity: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-6816
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-6802
If you have any questions, please contact support@activestate.com.