Updated the version Python to 3.9.18 as needed for OpenSSL Windows update #20058
Conversation
| @@ -58,19 +58,19 @@ | |||
| end | |||
|
|
|||
| else | |||
| default_version "3.9.17-26e6052" | |||
| default_version "3.9.18-38f3b72" | |||
| dependency "vc_redist_14" | |||
|
|
|||
| if windows_arch_i386? | |||
| dependency "vc_ucrt_redist" | |||
|
|
|||
| source :url => "https://dd-agent-omnibus.s3.amazonaws.com/python-windows-#{version}-x86.zip", | |||
There was a problem hiding this comment.
I'm curious as to how this bucket is provided with the artifact 🤔
There was a problem hiding this comment.
This is done via this gitlab pipeline defined here.
There was a problem hiding this comment.
When we move to Python 3.11 we will no longer be using that fork of Python.
There was a problem hiding this comment.
Ah right I forgot we are using a fork. Thanks for the clarification!
Bloop Bleep... Dogbot HereRegression Detector ResultsRun ID: 29421279-5620-4b70-9935-d83ac025eefe ExplanationA regression test is an integrated performance test for Because a target's optimization goal performance in each experiment will vary somewhat each time it is run, we can only estimate mean differences in optimization goal relative to the baseline target. We express these differences as a percentage change relative to the baseline target, denoted "Δ mean %". These estimates are made to a precision that balances accuracy and cost control. We represent this precision as a 90.00% confidence interval denoted "Δ mean % CI": there is a 90.00% chance that the true value of "Δ mean %" is in that interval. We decide whether a change in performance is a "regression" -- a change worth investigating further -- if both of the following two criteria are true:
The table below, if present, lists those experiments that have experienced a statistically significant change in mean optimization goal performance between baseline and comparison SHAs with 90.00% confidence OR have been detected as newly erratic. Negative values of "Δ mean %" mean that baseline is faster, whereas positive values of "Δ mean %" mean that comparison is faster. Results that do not exhibit more than a ±5.00% change in their mean optimization goal are discarded. An experiment is erratic if its coefficient of variation is greater than 0.1. The abbreviated table will be omitted if no interesting change is observed. No interesting changes in experiment optimization goals with confidence ≥ 90.00% and |Δ mean %| ≥ 5.00%. Fine details of change detection per experiment.
|
releasenotes/notes/update-python-openssl-on-windows-to-1.1.1w-0a00d9c8a0cfde12.yaml
Outdated
Show resolved
Hide resolved
releasenotes/notes/update-python-openssl-on-windows-to-1.1.1w-0a00d9c8a0cfde12.yaml
Outdated
Show resolved
Hide resolved
…0a00d9c8a0cfde12.yaml Co-authored-by: Bryce Eadie <[email protected]>
…0a00d9c8a0cfde12.yaml Co-authored-by: Bryce Eadie <[email protected]>
carlosroman
deleted the
carlosroman/AMLII-1108-windows-py3.9.18-openssl
branch
…date (#20058) * Updated the version Python to 3.9.18 as needed for OpenSSL Windows update * Update releasenotes/notes/update-python-openssl-on-windows-to-1.1.1w-0a00d9c8a0cfde12.yaml Co-authored-by: Bryce Eadie <[email protected]> * Update releasenotes/notes/update-python-openssl-on-windows-to-1.1.1w-0a00d9c8a0cfde12.yaml Co-authored-by: Bryce Eadie <[email protected]> --------- Co-authored-by: Bryce Eadie <[email protected]>
…date (#20058) * Updated the version Python to 3.9.18 as needed for OpenSSL Windows update * Update releasenotes/notes/update-python-openssl-on-windows-to-1.1.1w-0a00d9c8a0cfde12.yaml Co-authored-by: Bryce Eadie <[email protected]> * Update releasenotes/notes/update-python-openssl-on-windows-to-1.1.1w-0a00d9c8a0cfde12.yaml Co-authored-by: Bryce Eadie <[email protected]> --------- Co-authored-by: Bryce Eadie <[email protected]>
…date (#20058) (#20072) * Updated the version Python to 3.9.18 as needed for OpenSSL Windows update * Update releasenotes/notes/update-python-openssl-on-windows-to-1.1.1w-0a00d9c8a0cfde12.yaml * Update releasenotes/notes/update-python-openssl-on-windows-to-1.1.1w-0a00d9c8a0cfde12.yaml --------- Co-authored-by: Bryce Eadie <[email protected]>
…date (#20058) (#20073) * Updated the version Python to 3.9.18 as needed for OpenSSL Windows update * Update releasenotes/notes/update-python-openssl-on-windows-to-1.1.1w-0a00d9c8a0cfde12.yaml * Update releasenotes/notes/update-python-openssl-on-windows-to-1.1.1w-0a00d9c8a0cfde12.yaml --------- Co-authored-by: Bryce Eadie <[email protected]>
What does this PR do?
Upgrades the version of OpenSSL being used to
1.1.1w. Fixes CVE-2023-4807, CVE-2023-3817 and CVE-2023-3446.See https://www.openssl.org/news/openssl-1.1.1-notes.html for more details.
Windows OpenSSL upgrade: OpenSSL 1.1.1w.
Motivation
The current version of OpenSSL being used on Windows (version
1.1.1u) has some reported CVEs that are mitigated by version1.1.1w.Describe how to test/QA your changes
Reviewer's Checklist
Triagemilestone is set.major_changelabel if your change either has a major impact on the code base, is impacting multiple teams or is changing important well-established internals of the Agent. This label will be use during QA to make sure each team pay extra attention to the changed behavior. For any customer facing change use a releasenote.changelog/no-changeloglabel has been applied.qa/skip-qalabel is not applied.team/..label has been applied, indicating the team(s) that should QA this change.need-change/operatorandneed-change/helmlabels have been applied.k8s/<min-version>label, indicating the lowest Kubernetes version compatible with this feature.