When using an embedded Python script in Dynamo, the node installs an embedded version 3.9.12 in the local user C:\Users\Given name.Family name\AppData\Local\python-3.9.12-embed-amd64.
This version of python dates back to 2022 and our IT department have flagged two issues:
- the install is not current and has potential security risks.
- The install is placed in the local user profile and has no option to install in the machine, which again is a security risk.
Can we configure the installation to the latest version and locate in the machine?
If not can you please make configurable?
Background: This issue was was submitted as an Autodesk support request, with the following reply:
"Thank you for your query. It landed in the developer support queue of DAS, the Autodesk Developer Advocacy and Support team.
We deal with pure API and programming issues and do not have much knowledge of Dynamo, which is considered an end user tool, or of generic product installation, setup and configuration.
Your best chance at getting a reliable answer to this question is to address it to the dedicated Dynamo experts in the Dynamo discussion forum."
This is a supported version and is expected to be for a good ways yet - 16 months out. I would expect the team to issue a patch if any vulnerabilities are disclosed, or if that dependency hits EOL before the associated Revit version does (so depending on the reason for updating there may be a patch for 2024, but not 2022).
Not sure what you mean here, but to me this is actually more secure as it prevents limits the scope of access to the users directory, instead of any user who is logged in bei N able to execute/access an associated Python instance.
Not in a supported manor. You’ll likely break stuff but Dynamo is open source so you can take a shot at doing so on your own. I wouldn’t recommend it as it’d be a never-ending big lift for no real value - you’ll create more bugs than you solve and restrict which Python (and therefore Dynamo packages and tools) to your home brew for no real security benefit (unless the developer was going to take over maintenance, monitoring and oversight in a way similar to Autodesk’s Trust and Safety team).
Almost certainly not going to happen in old builds as there are much more impactful changes they could work on, and not super likely in subsequent builds as this isn’t as simple as ‘load a different Python engine from a different spot. That said the team is has Python improvements in the roadmap so perhaps in a future build. That said the Python implementation is not super easy to build out, so you may have to live with spurts of versions here and there.
This is not the type of message I would not expect from my colleagues - they owe you better and they shouldn’t be redirecting to this forum. Please DM me so I can raise an issue internally. Also resubmit the case as your security team’s questions aren’t really related to Dynamo directly (feel free to grab a different Dynamo build and you’ll get a newer versions of all sorts of things, including Python and even .NET) but Revit (for which there are other issues your team likely flagged as well). Revit does the install and shipment after all. 
3 Likes