H5Py EOL Versions?


#1

I am trying to find out if there are any end-of-life versions for H5Py, and if so, when do these versions typically become EOL/unsupported in terms of security? If this information is publicly stored anywhere please let me know. Thanks


#2

Hi Symphoni! In general, any fixes to h5py are only applied and released in the next version - the team maintaining it is too small and too sporadically available to backport fixes. So in that sense, only the latest version at any time is ‘supported’ - but it’s not clear exactly what ‘supported’ means when you can’t pay for a support contract. Of course, third parties (like Anaconda) may offer paid support for h5py - if so, it’s up to them which versions they support.

I would expect that most security issues related to h5py are actually in HDF5 itself. If you’re using h5py and security is a concern, it’s a good idea to look out for security issues in HDF5, and know how to rebuild h5py against a new version of HDF5 when you need to.