-------- Forwarded Message -------- Subject: [Python-announce] PyCA cryptography 46.0.5 released Date: Tue, 10 Feb 2026 13:33:26 -0600 From: Paul Kehrer via Python-announce-list <[email protected]> Reply-To: [email protected] To: [email protected], [email protected] CC: Paul Kehrer <[email protected]> PyCA cryptography 46.0.0 has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric algorithms, message digests, X.509, key derivation functions, and much more. We support Python 3.8+, and PyPy3 3.11. Changelog (https://cryptography.io/en/latest/changelog/#v46-0-5) * An attacker could create a malicious public key that reveals portions of your private key when using certain uncommon elliptic curves (binary curves). This version now includes additional security checks to prevent this attack. This issue only affects binary elliptic curves, which are rarely used in real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and Atuin Automated Vulnerability Discovery Engine** for reporting the issue. **CVE-2026-26007** * Support for SECT binary elliptic curves is deprecated and will be removed in the next release. -Paul Kehrer (reaperhulk) _______________________________________________ Python-announce-list mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3//lists/python-announce-list.python.org Member address: [email protected]
