Python Libraries
Endless Lifecycle Support (ELS) for Libraries from TuxCare provides security fixes for a variety of Python Libraries. This allows you to continue running your Python applications without vulnerability concerns, even after official support has ended.
Supported Python Libraries
- aiohttp 3.8.1, 3.8.4, 3.8.5, 3.8.6
- certifi 2021.10.8, 2022.12.7, 2023.7.22
- cryptography 3.4.8, 41.0.7, 42.0.0, 42.0.8, 43.0.1, 43.0.3, 44.0.3, 45.0.7
- deepdiff 6.2.3
- dnspython 2.3.0
- flask-cors 4.0.2
- future 1.0.0
- GitPython 3.1.31
- gunicorn 20.0.4, 20.1.0, 21.2.0, 22.0.0
- h11 0.9.0
- httpx 0.22.0
- idna 2.1, 2.8, 2.10, 3.6
- jaraco-context 5.3.0
- Jinja2 2.11.3, 3.0.3
- MLflow 2.22.4
- MySQL Connector/Python 8.4.0
- orjson 3.8.5
- pandas 2.2.0, 2.2.2
- paramiko 3.0.0
- pdfkit 0.6.1
- pip 9.0
- Pillow 8.4.0, 9.4.0, 9.5.0, 11.2.1
- protobuf 3.17.0, 3.20.0, 4.24.3, 4.25.8
- pydantic 1.10.5
- PyJWT 1.7.1, 2.3.0, 2.8.0, 2.10.1
- pymongo 3.13.0
- pymysql 0.10.1
- pypdf 5.9.0
- python-jose 3.3.0
- python-multipart 0.0.6
- PyYAML 3.13, 5.3.1
- redis-py 4.5.1
- requests 2.25.1, 2.30.0, 2.31.0, 2.32.3
- scikit-learn 1.0.2
- setuptools 65.5.1, 68.0.0, 70.3.0, 75.0.0, 75.8.0
- torch 1.13.1
- tornado 6.1.0
- tqdm 4.66.1
- twisted 20.3.0
- urllib3 1.25.11, 1.26.4, 1.26.20, 2.0.7
- uvicorn 0.11.6
- waitress 2.1.2
- websockets 8.1
Other libraries upon request.
Connection to ELS for Python Libraries Repository
This guide outlines the steps needed to integrate the TuxCare ELS for Python Libraries repository.
Step 1: Get user credentials
You need a username and password in order to use TuxCare ELS for Python Libraries repository. Anonymous access is disabled. To receive the credentials please contact sales@tuxcare.com.
Step 2: Set Up ELS for Python Libraries
To use TuxCare's ELS for Python libraries, follow one of the options below:
Option 1: Install a Package with ELS Repository via Command Line
You can install or upgrade a package directly using the ELS repository with your credentials:
pip install --upgrade \
-i https://<username>:<password>@nexus.repo.tuxcare.com/repository/els_python/simple \
<package>
Replace:
<username>and<password>with the credentials provided by sales.<package>- with the Python package name (e.g.,certifi).
Option 2: Configure pip to Use the ELS Repository (Full Replacement)
This method is recommended if you want to use only ELS-patched Python packages from TuxCare and replace the default PyPI source with the TuxCare ELS repository.
Create or update the
pipconfiguration file and add the following:[global] index-url = https://username:password@nexus.repo.tuxcare.com/repository/els_python/simpleRun the command to install the latest package version:
pip install --upgrade <package>Replace
<package>with the python package name, for example, certifi.Or install a specific patched TuxCare version, for example:
pip install certifi==2021.10.8.post2+tuxcare
Option 3: Add the TuxCare ELS Repository as Additional (recommended)
If you want to keep using public PyPI and fetch only specific patched packages from TuxCare, use extra-index-url instead. In this configuration, make sure to specify the exact patched version (step 2 below), otherwise pip may install the version from public PyPI.
Create or update the
pipconfiguration file and add the following:[global] extra-index-url = https://username:password@nexus.repo.tuxcare.com/repository/els_python/simpleRun the command to install a specific patched TuxCare version, for example:
pip install certifi==2021.10.8.post2+tuxcare
Upgrading to a Newer TuxCare Version
To upgrade to a newer TuxCare release (e.g., from version.post1+tuxcare to version.post2+tuxcare) use the same installation method you used above and specify the newer package version.
Vulnerability Exploitability eXchange (VEX)
VEX is a machine-readable format that tells you if a known vulnerability is actually exploitable in your product. It reduces false positives, helps prioritize real risks.
TuxCare provides VEX for Python Libraries ELS versions: security.tuxcare.com/vex/cyclonedx/els_lang_python/.
Resolved CVEs
Fixes for the following vulnerabilities are available in ELS for Python Libraries from TuxCare versions:
| CVE ID | Severity | Vulnerable Versions | Safe Version |
|---|---|---|---|
| CVE-2025-53643 | High | < 3.12.14 | 3.8.1.post5+tuxcare |
| CVE-2024-52304 | High | < 3.10.11 | 3.8.1.post7+tuxcare |
| CVE-2024-52304 | High | < 3.10.11 | 3.8.5.post2+tuxcare |
| CVE-2024-30251 | High | < 3.9.4 | 3.8.1.post4+tuxcare |
| CVE-2024-30251 | High | < 3.9.4 | 3.8.6.post1+tuxcare |
| CVE-2024-27306 | Medium | < 3.9.4 | 3.8.1.post6+tuxcare |
| CVE-2024-23829 | Medium | < 3.9.2 | 3.8.1.post3+tuxcare |
| CVE-2024-23829 | Medium | < 3.9.2 | 3.8.5.post3+tuxcare |
| CVE-2024-23334 | High | >= 1.0.5, < 3.9.2 | 3.8.1.post7+tuxcare |
| CVE-2024-23334 | High | >= 1.0.5, < 3.9.2 | 3.8.5.post3+tuxcare |
| CVE-2023-49082 | Medium | < 3.9.0 | 3.8.1.post6+tuxcare |
| CVE-2023-49082 | Medium | < 3.9.0 | 3.8.5.post1+tuxcare |
| CVE-2023-49082 | Medium | < 3.9.0 | 3.8.6.post2+tuxcare |
| CVE-2023-49081 | Medium | < 3.9.0 | 3.8.1.post2+tuxcare |
| CVE-2023-49081 | Medium | < 3.9.0 | 3.8.5.post4+tuxcare |
| CVE-2023-47627 | High | < 3.8.6 | 3.8.1.post1+tuxcare |
| CVE-2023-47627 | High | < 3.8.6 | 3.8.5.post1+tuxcare |
| CVE-2023-37276 | High | < 3.8.5 | 3.8.1.post5+tuxcare |
| CVE-2023-37276 | High | < 3.8.5 | 3.8.4.post1+tuxcare |
| GHSA-pjjw-qhg8-p2p9 | High | < 3.8.6 | 3.8.1.post7+tuxcare |
N/A (Not Available) means that the National Vulnerability Database (NVD) has registered this CVE, but an official CVSS severity score has not yet been assigned.
If you are interested in the TuxCare Endless Lifecycle Support, contact sales@tuxcare.com.
