I am trying to find out if there are any end-of-life versions for h5py, and if so, when these versions typically become EOL/unsupported in terms of security. If this information is publicly stored anywhere, please let me know. Thanks.
Hi Symphoni! In general, any fixes to h5py are only applied and released in the next version - the team maintaining it is too small and too sporadically available to backport fixes. So in that sense, only the latest version at any time is ‘supported’ - but it’s not clear exactly what ‘supported’ means when you can’t pay for a support contract. Of course, third parties (like Anaconda) may offer paid support for h5py - if so, it’s up to them which versions they support.
I would expect that most security issues related to h5py are actually in HDF5 itself. If you’re using h5py and security is a concern, it’s a good idea to look out for security issues in HDF5, and know how to rebuild h5py against a new version of HDF5 when you need to.
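As an added example (not part of the thread and not h5py project code), this script reports which HDF5 release the installed h5py is linked against and flags it when it is older than a floor you choose. `MINIMUM_HDF5` and the `/path/to/new/hdf5` prefix are constructed placeholders; the rebuild command is the source-build form from the h5py installation docs.

```python
import re

# Constructed placeholder: set this to the first HDF5 release that contains
# the fixes you need, taken from the HDF5 advisories you track.
MINIMUM_HDF5 = "1.14.0"


def parse_version(text):
    """Turn '1.14.3' or '1.8.5-patch1' into a comparable tuple of ints."""
    parts = []
    for piece in text.strip().split("."):
        match = re.match(r"\d+", piece)
        if match is None:
            raise ValueError(f"not a version string: {text!r}")
        parts.append(int(match.group()))
    return tuple(parts)


def is_older(linked, minimum):
    """True when the linked HDF5 version sorts before the required minimum."""
    a, b = parse_version(linked), parse_version(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))  # pad so '1.14' compares equal to '1.14.0'
    b += (0,) * (width - len(b))
    return a < b


def linked_hdf5_version():
    """HDF5 version h5py is linked against, or None if h5py is not installed."""
    try:
        import h5py
    except ImportError:
        return None
    return h5py.version.hdf5_version


def check(minimum=MINIMUM_HDF5):
    """Return a one-line status, plus the rebuild command when HDF5 is too old."""
    linked = linked_hdf5_version()
    if linked is None:
        return "h5py is not installed in this environment"
    if is_older(linked, minimum):
        return (f"HDF5 {linked} is older than {minimum}; rebuild h5py against a newer HDF5:\n"
                "  HDF5_DIR=/path/to/new/hdf5 pip install --no-binary=h5py h5py")
    return f"HDF5 {linked} meets the minimum {minimum}"


if __name__ == "__main__":
    print(check())
```

Prebuilt h5py wheels bundle their own copy of HDF5, so a system-level HDF5 upgrade does not change what this reports until h5py is reinstalled or rebuilt.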