Python infos
-
Python 3.13.2 and 3.12.9 now available!
A small release day today! That is to say the releases are relatively small; the day itself was of average size, as most days are.
Python 3.13.2
Python 3.13’s second maintenance release. About 250 changes went into this update, and can be yours for free if you just upgrade now.
https://www.python.org/downloads/release/python-3132/
Python 3.12.9
Python 3.12’s ninth maintenance release already. Just 180 changes for 3.12, but it’s still worth upgrading.
Enjoy the new releases
Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.
Regards from your tireless, tireless release team,
Thomas Wouters
Ned Deily
Steve Dower
Łukasz Langa -
Python 3.14.0 alpha 4 is out
Hello, three dot fourteen dot zero alpha four!
https://www.python.org/downloads/release/python-3140a4/
This is an early developer preview of Python 3.14
Major new features of the 3.14 series, compared to 3.13
Python 3.14 is still in development. This release, 3.14.0a4, is the fourth of seven planned alpha releases.
Alpha releases are intended to make it easier to test the current state of new features and bug fixes and to test the release process.
During the alpha phase, features may be added up until the start of the beta phase (2025-05-06) and, if necessary, may be modified or deleted up until the release candidate phase (2025-07-22). Please keep in mind that this is a preview release and its use is not recommended for production environments.
Many new features for Python 3.14 are still being planned and written. Among the new major new features and changes so far:
- PEP 649: deferred evaluation of annotations
- PEP 741: Python configuration C API
- PEP 761: Python 3.14 and onwards no longer provides PGP signatures for release artifacts. Instead, Sigstore is recommended for verifiers.
- Improved error messages
- Many removals of deprecated classes, functions, methods and parameters in various standard library modules.
- New deprecations, many of which are scheduled for removal from Python 3.16
- C API removals and deprecations
- (Hey, fellow core developer, if a feature you find important is missing from this list, let Hugo know.)
The next pre-release of Python 3.14 will be 3.14.0a5, currently scheduled for 2025-02-11.
More resources
- Online documentation
- PEP 745, 3.14 Release Schedule
- Report bugs at https://github.com/python/cpython/issues
- Help fund Python and its community
And now for something completely different
In Python, you can use Greek letters as constants. For example:
    from math import pi as π

    def circumference(radius: float) -> float:
        return 2 * π * radius

    print(circumference(6378.137))  # 40075.016685578485
Enjoy the new release
Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organisation contributions to the Python Software Foundation.
Regards from a slushy, slippery Helsinki,
Your release team,
Hugo van Kemenade @hugovk
Ned Deily @nad
Steve Dower @steve.dower
Łukasz Langa @ambv -
Python 3.14.0 alpha 3 is out
O Alpha 3, O Alpha 3, how lovely are your branches!
https://www.python.org/downloads/release/python-3140a3/
This is an early developer preview of Python 3.14
Major new features of the 3.14 series, compared to 3.13
Python 3.14 is still in development. This release, 3.14.0a3, is the third of seven planned alpha releases.
Alpha releases are intended to make it easier to test the current state of new features and bug fixes and to test the release process.
During the alpha phase, features may be added up until the start of the beta phase (2025-05-06) and, if necessary, may be modified or deleted up until the release candidate phase (2025-07-22). Please keep in mind that this is a preview release and its use is not recommended for production environments.
Many new features for Python 3.14 are still being planned and written. Among the new major new features and changes so far:
- PEP 649: deferred evaluation of annotations
- PEP 741: Python configuration C API
- PEP 761: Python 3.14 and onwards no longer provides PGP signatures for release artifacts. Instead, Sigstore is recommended for verifiers.
- Improved error messages
- (Hey, fellow core developer, if a feature you find important is missing from this list, let Hugo know.)
The next pre-release of Python 3.14 will be 3.14.0a4, currently scheduled for 2025-01-14.
More resources
- Online documentation
- PEP 745, 3.14 Release Schedule
- Report bugs at https://github.com/python/cpython/issues
- Help fund Python and its community
And now for something completely different
A mince pie is a small, round covered tart filled with “mincemeat”, usually eaten during the Christmas season – the UK consumes some 800 million each Christmas. Mincemeat is a mixture of things like apple, dried fruits, candied peel and spices, and originally would have contained meat chopped small, but rarely nowadays. They are often served warm with brandy butter.
According to the Oxford English Dictionary, the earliest mention of Christmas mince pies is by Thomas Dekker, writing in the aftermath of the 1603 London plague, in Newes from Graues-end: Sent to Nobody (1604):
Ten thousand in London swore to feast their neighbors with nothing but plum-porredge, and mince-pyes all Christmas.
Here’s a meaty recipe from Rare and Excellent Receipts, Experienc’d and Taught by Mrs Mary Tillinghast and now Printed for the Use of her Scholars Only (1678):
- How to make Mince-pies.
To every pound of Meat, take two pound of beef Suet, a pound of Corrants, and a quarter of an Ounce of Cinnamon, one Nutmeg, a little beaten Mace, some beaten Colves, a little Sack & Rose-water, two large Pippins, some Orange and Lemon peel cut very thin, and shred very small, a few beaten Carraway-seeds, if you love them the Juyce of half a Lemon squez’d into this quantity of meat; for Sugar, sweeten it to your relish; then mix all these together and fill your Pie. The best meat for Pies is Neats-Tongues, or a leg of Veal; you may make them of a leg of Mutton if you please; the meat must be parboyl’d if you do not spend it presently; but if it be for present use, you may do it raw, and the Pies will be the better.
Enjoy the new release
Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organisation contributions to the Python Software Foundation.
Regards from a snowy and slippery Helsinki,
Your release team,
Hugo van Kemenade
Ned Deily
Steve Dower
Łukasz Langa -
Python 3.13.1, 3.12.8, 3.11.11, 3.10.16 and 3.9.21 are now available
Another big release day! Python 3.13.1 and 3.12.8 were regularly scheduled releases, but they do contain a few security fixes. That makes it a nice time to release the security-fix-only versions too, so everything is as secure as we can make it.
Python 3.13.1
Python 3.13’s first maintenance release. My child is all growed up now, I guess! Almost 400 bugfixes, build improvements and documentation changes went in since 3.13.0, making this the very best Python release to date.
https://www.python.org/downloads/release/python-3131/
Python 3.12.8
Python 3.12 might be slowly reaching middle age, but still received over 250 bugfixes, build improvements and documentation changes since 3.12.7.
Python 3.11.11
I know it’s probably hard to hear, but this is the second security-only release of Python 3.11. Yes, really! Oh yes, I know, I know, but it’s true! Only 11 commits went in since 3.11.10.
Python 3.10.16
Python 3.10 received a total of 14 commits since 3.10.15. Why more than 3.11? Because it needed a little bit of extra attention to keep working with current GitHub practices, I guess.
Python 3.9.21
Python 3.9 isn’t quite ready for pasture yet, as it’s set to receive security fixes for at least another 10 months. Very similarly to 3.10, it received 14 commits since 3.9.20.
Stay safe and upgrade!
As always, upgrading is highly recommended to all users of affected versions.
Enjoy the new releases
Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.
Regards from your tireless, tireless release team,
Thomas Wouters
Ned Deily
Steve Dower
Pablo Galindo Salgado
Łukasz Langa -
Python 3.14.0 alpha 2 released
Alpha 2? But Alpha 1 only just came out!
https://www.python.org/downloads/release/python-3140a2/
This is an early developer preview of Python 3.14
Major new features of the 3.14 series, compared to 3.13
Python 3.14 is still in development. This release, 3.14.0a2, is the second of seven planned alpha releases.
Alpha releases are intended to make it easier to test the current state of new features and bug fixes and to test the release process.
During the alpha phase, features may be added up until the start of the beta phase (2025-05-06) and, if necessary, may be modified or deleted up until the release candidate phase (2025-07-22). Please keep in mind that this is a preview release and its use is not recommended for production environments.
Many new features for Python 3.14 are still being planned and written. Among the new major new features and changes so far:
- PEP 649: deferred evaluation of annotations
- PEP 741: Python configuration C API
- PEP 761: Python 3.14 and onwards no longer provides PGP signatures for release artifacts. Instead, Sigstore is recommended for verifiers.
- Improved error messages
- (Hey, fellow core developer, if a feature you find important is missing from this list, let Hugo know.)
The next pre-release of Python 3.14 will be 3.14.0a3, currently scheduled for 2024-12-17.
More resources
- Online documentation
- PEP 745, 3.14 Release Schedule
- Report bugs at https://github.com/python/cpython/issues
- Help fund Python and its community
Enjoy the new release
Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organisation contributions to the Python Software Foundation.
Regards from a chilly Helsinki with snow on the way,
Your release team,
Hugo van Kemenade
Ned Deily
Steve Dower
Łukasz Langa -
Python 3.14.0 alpha 1 is now available
It's now time for a new alpha of a new version of Python!
https://www.python.org/downloads/release/python-3140a1/
This is an early developer preview of Python 3.14
Major new features of the 3.14 series, compared to 3.13
Python 3.14 is still in development. This release, 3.14.0a1, is the first of seven planned alpha releases.
Alpha releases are intended to make it easier to test the current state of new features and bug fixes and to test the release process.
During the alpha phase, features may be added up until the start of the beta phase (2025-05-06) and, if necessary, may be modified or deleted up until the release candidate phase (2025-07-22). Please keep in mind that this is a preview release and its use is not recommended for production environments.
Many new features for Python 3.14 are still being planned and written. Among the new major new features and changes so far:
- PEP 649: deferred evaluation of annotations
- Improved error messages
- (Hey, fellow core developer, if a feature you find important is missing from this list, let Hugo know.)
The next pre-release of Python 3.14 will be 3.14.0a2, currently scheduled for 2024-11-19.
More resources
- Online documentation
- PEP 745, 3.14 Release Schedule
- Report bugs at https://github.com/python/cpython/issues
- Help fund Python and its community
Enjoy the new release
Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.
Regards from a grey yet colourful Helsinki,
Your release team,
Hugo van Kemenade
Ned Deily
Steve Dower
Łukasz Langa -
Python 3.13.0 (final) released
Python 3.13.0 is now available
This is the stable release of Python 3.13.0
Python 3.13.0 is the newest major release of the Python programming language, and it contains many new features and optimizations compared to Python 3.12. (Compared to the last release candidate, 3.13.0rc3, 3.13.0 contains two small bug fixes and some documentation and testing changes.)
Major new features of the 3.13 series, compared to 3.12
Some of the new major new features and changes in Python 3.13 are:
New features
- A new and improved interactive interpreter, based on PyPy’s, featuring multi-line editing and color support, as well as colorized exception tracebacks.
- An experimental free-threaded build mode, which disables the Global Interpreter Lock, allowing threads to run more concurrently. The build mode is available as an experimental feature in the Windows and macOS installers as well.
- A preliminary, experimental JIT, providing the ground work for significant performance improvements.
- The locals() builtin function (and its C equivalent) now has well-defined semantics when mutating the returned mapping, which allows debuggers to operate more consistently.
- A modified version of mimalloc is now included, optional but enabled by default if supported by the platform, and required for the free-threaded build mode.
- Docstrings now have their leading indentation stripped, reducing memory use and the size of .pyc files. (Most tools handling docstrings already strip leading indentation.)
- The dbm module has a new dbm.sqlite3 backend that is used by default when creating new files.
- The minimum supported macOS version was changed from 10.9 to 10.13 (High Sierra). Older macOS versions will not be supported going forward.
- WASI is now a Tier 2 supported platform. Emscripten is no longer an officially supported platform (but Pyodide continues to support Emscripten).
- iOS is now a Tier 3 supported platform.
- Android is now a Tier 3 supported platform.
Typing
- Support for type defaults in type parameters.
- A new type narrowing annotation, typing.TypeIs.
- A new annotation for read-only items in TypeDicts.
- A new annotation for marking deprecations in the type system.
Removals and new deprecations
- PEP 594 (Removing dead batteries from the standard library) scheduled removals of many deprecated modules: aifc, audioop, chunk, cgi, cgitb, crypt, imghdr, mailcap, msilib, nis, nntplib, ossaudiodev, pipes, sndhdr, spwd, sunau, telnetlib, uu, xdrlib, lib2to3.
- Many other removals of deprecated classes, functions and methods in various standard library modules.
- C API removals and deprecations. (Some removals present in alpha 1 were reverted in alpha 2, as the removals were deemed too disruptive at this time.)
- New deprecations, most of which are scheduled for removal from Python 3.15 or 3.16.
For more details on the changes to Python 3.13, see What’s new in Python 3.13.
More resources
- Online Documentation
- PEP 719, 3.13 Release Schedule
- Report bugs via GitHub Issues.
- Help fund Python directly (or via GitHub Sponsors), and support the Python community.
We hope you enjoy the new releases!
Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.
Choo-choo from the release train,
Your release team,
Thomas Wouters
Ned Deily
Steve Dower
Łukasz Langa -
Python 3.12.7 released
I'm pleased to announce the release of Python 3.12.7:
https://www.python.org/downloads/release/python-3127/
This is the seventh maintenance release of Python 3.12
Python 3.12 is the newest major release of the Python programming language, and it contains many new features and optimizations. 3.12.7 is the latest maintenance release, containing more than 100 bugfixes, build improvements and documentation changes since 3.12.6.
Major new features of the 3.12 series, compared to 3.11
New features
- More flexible f-string parsing, allowing many things previously disallowed (PEP 701).
- Support for the buffer protocol in Python code (PEP 688).
- A new debugging/profiling API (PEP 669).
- Support for isolated subinterpreters with separate Global Interpreter Locks (PEP 684).
- Even more improved error messages. More exceptions potentially caused by typos now make suggestions to the user.
- Support for the Linux perf profiler to report Python function names in traces.
- Many large and small performance improvements (like PEP 709 and support for the BOLT binary optimizer), delivering an estimated 5% overall performance improvement.
Type annotations
- New type annotation syntax for generic classes (PEP 695).
- New override decorator for methods (PEP 698).
Deprecations
- The deprecated wstr and wstr_length members of the C implementation of unicode objects were removed, per PEP 623.
- In the unittest module, a number of long deprecated methods and classes were removed. (They had been deprecated since Python 3.1 or 3.2).
- The deprecated smtpd and distutils modules have been removed (see PEP 594 and PEP 632). The setuptools package continues to provide the distutils module.
- A number of other old, broken and deprecated functions, classes and methods have been removed.
- Invalid backslash escape sequences in strings now warn with SyntaxWarning instead of DeprecationWarning, making them more visible. (They will become syntax errors in the future.)
- The internal representation of integers has changed in preparation for performance enhancements. (This should not affect most users as it is an internal detail, but it may cause problems for Cython-generated code.)
For more details on the changes to Python 3.12, see What’s new in Python 3.12.
More resources
- Online Documentation.
- PEP 693, the Python 3.12 Release Schedule.
- Report bugs via GitHub Issues.
- Help fund Python directly or via GitHub Sponsors, and support the Python community.
Enjoy the new releases
Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.
Your release team,
Thomas Wouters
Łukasz Langa
Ned Deily
Steve Dower -
Python 3.13.0 release candidate 3 released
I'm pleased to announce the release of Python 3.13 release candidate 3 (instead of the expected final release).
https://www.python.org/downloads/release/python-3130rc3/
This is the final release candidate of Python 3.13.0
This release, 3.13.0rc3, is the final release preview (no really) of 3.13. This release is expected to become the final 3.13.0 release, barring any critical bugs being discovered. The official release of 3.13.0 is now scheduled for Monday, 2024-10-07.
This extra, unplanned release candidate exists because of a couple of last minute issues, primarily a significant performance regression in specific workloads due to the incremental cyclic garbage collector (introduced in the alpha releases). We decided to roll back the garbage collector change in 3.13 (and continuing work in 3.14 to improve it), apply a number of other important bug fixes, and roll out a new release candidate.
There will be no ABI changes from this point forward in the 3.13 series (and there haven't been any since the beta releases).
Call to action
We strongly encourage maintainers of Python projects to prepare their projects for 3.13 compatibilities during this phase, and where necessary publish Python 3.13 wheels on PyPI to be ready for the final release of 3.13.0. Any binary wheels built against Python 3.13.0rc1 and later will work with future versions of Python 3.13. As always, report any issues to the Python bug tracker.
Please keep in mind that this is a preview release and while it’s as close to the final release as we can get it, its use is not recommended for production environments.
Core developers: time to work on documentation now
- Are all your changes properly documented?
- Are they mentioned in What’s New?
- Did you notice other changes you know of to have insufficient documentation?
Major new features of the 3.13 series, compared to 3.12
Some of the new major new features and changes in Python 3.13 are:
New features
- A new and improved interactive interpreter, based on PyPy’s, featuring multi-line editing and color support, as well as colorized exception tracebacks.
- An experimental free-threaded build mode, which disables the Global Interpreter Lock, allowing threads to run more concurrently. The build mode is available as an experimental feature in the Windows and macOS installers as well.
- A preliminary, experimental JIT, providing the ground work for significant performance improvements.
- The locals() builtin function (and its C equivalent) now has well-defined semantics when mutating the returned mapping, which allows debuggers to operate more consistently.
- A modified version of mimalloc is now included, optional but enabled by default if supported by the platform, and required for the free-threaded build mode.
- Docstrings now have their leading indentation stripped, reducing memory use and the size of .pyc files. (Most tools handling docstrings already strip leading indentation.)
- The dbm module has a new dbm.sqlite3 backend that is used by default when creating new files.
- The minimum supported macOS version was changed from 10.9 to 10.13 (High Sierra). Older macOS versions will not be supported going forward.
- WASI is now a Tier 2 supported platform. Emscripten is no longer an officially supported platform (but Pyodide continues to support Emscripten).
- iOS is now a Tier 3 supported platform
- Android is now a Tier 3 supported platform as well.
Typing
- Support for type defaults in type parameters.
- A new type narrowing annotation, typing.TypeIs.
- A new annotation for read-only items in TypeDicts.
- A new annotation for marking deprecations in the type system.
Removals and new deprecations
- PEP 594 (Removing dead batteries from the standard library) scheduled removals of many deprecated modules: aifc, audioop, chunk, cgi, cgitb, crypt, imghdr, mailcap, msilib, nis, nntplib, ossaudiodev, pipes, sndhdr, spwd, sunau, telnetlib, uu, xdrlib, lib2to3.
- Many other removals of deprecated classes, functions and methods in various standard library modules.
- C API removals and deprecations. (Some removals present in alpha 1 were reverted in alpha 2, as the removals were deemed too disruptive at this time.)
- New deprecations, most of which are scheduled for removal from Python 3.15 or 3.16.
(Hey, fellow core developer, if a feature you find important is missing from this list, let Thomas know.)
For more details on the changes to Python 3.13, see What’s new in Python 3.13. The next release of Python 3.13 will be the official 3.13.0 release, currently scheduled for Monday, 2024-10-07.
More resources
- Online Documentation
- PEP 719, 3.13 Release Schedule
- Report bugs at Issues · python/cpython · GitHub.
- Help fund Python directly (or via GitHub Sponsors), and support the Python community.
Enjoy the new releases
Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.
Your release team,
Thomas Wouters
Łukasz Langa
Ned Deily
Steve Dower -
Python 3.13.0RC2, 3.12.6, 3.11.10, 3.10.15, 3.9.20, and 3.8.20 are now available!
Hi there!
A big joint release today. Mostly security fixes but we also have the final release candidate of 3.13 so let’s start with that!
Python 3.13.0RC2
Final opportunity to test and find any show-stopper bugs before we bless and release 3.13.0 final on October 1st.
Get it here: Python Release Python 3.13.0rc2 | Python.org
Call to action
We strongly encourage maintainers of third-party Python projects to prepare their projects for 3.13 compatibilities during this phase, and where necessary publish Python 3.13 wheels on PyPI to be ready for the final release of 3.13.0. Any binary wheels built against Python 3.13.0rc2 will work with future versions of Python 3.13. As always, report any issues to the Python bug tracker.
Please keep in mind that this is a preview release and while it’s as close to the final release as we can get it, its use is not recommended for production environments.
Core developers: time to work on documentation now
- Are all your changes properly documented?
- Are they mentioned in What’s New?
- Did you notice other changes you know of to have insufficient documentation?
As a reminder, until the final release of 3.13.0, the 3.13 branch is set up so that the Release Manager (@thomas) has to merge the changes. Please add him (@Yhg1s on GitHub) to any changes you think should go into 3.13.0. At this point, unless something critical comes up, it should really be documentation only. Other changes (including tests) will be pushed to 3.13.1.
New features in Python 3.13
- A new and improved interactive interpreter, based on PyPy’s, featuring multi-line editing and color support, as well as colorized exception tracebacks.
- An experimental free-threaded build mode, which disables the Global Interpreter Lock, allowing threads to run more concurrently. The build mode is available as an experimental feature in the Windows and macOS installers as well.
- A preliminary, experimental JIT, providing the ground work for significant performance improvements.
- The locals() builtin function (and its C equivalent) now has well-defined semantics when mutating the returned mapping, which allows debuggers to operate more consistently.
- The (cyclic) garbage collector is now incremental, which should mean shorter pauses for collection in programs with a lot of objects.
- A modified version of mimalloc is now included, optional but enabled by default if supported by the platform, and required for the free-threaded build mode.
- Docstrings now have their leading indentation stripped, reducing memory use and the size of .pyc files. (Most tools handling docstrings already strip leading indentation.)
- The dbm module has a new dbm.sqlite3 backend that is used by default when creating new files.
- The minimum supported macOS version was changed from 10.9 to 10.13 (High Sierra). Older macOS versions will not be supported going forward.
- WASI is now a Tier 2 supported platform. Emscripten is no longer an officially supported platform (but Pyodide continues to support Emscripten).
- iOS is now a Tier 3 supported platform, with Android on the way as well.
Python 3.12.6
This is an expedited release for 3.12 due to security content. The schedule returns back to regular programming in October.
One notable change for macOS users: as mentioned in the previous release of 3.12, this release drops support for macOS versions 10.9 through 10.12. Versions of macOS older than 10.13 haven’t been supported by Apple since 2019, and maintaining support for them has become too difficult. (All versions of Python 3.13 have already dropped support for them.)
Get it here: Python Release Python 3.12.6 | Python.org
92 commits.
Python 3.11.10
Python 3.11 joins the elite club of security-only versions with no binary installers.
Get it here: Python Release Python 3.11.10 | Python.org
28 commits.
Python 3.10.15
Get it here: Python Release Python 3.10.15 | Python.org
24 commits.
Python 3.9.20
Get it here: Python Release Python 3.9.20 | Python.org
22 commits.
Python 3.8.20
Python 3.8 is very close to End of Life (see the Release Schedule). Will this be the last release of 3.8 ever? We’ll see… but now I think I jinxed it.
Get it here: Python Release Python 3.8.20 | Python.org
22 commits.
Security content in today’s releases
- gh-123678 and gh-116741: Upgrade bundled libexpat to 2.6.3 to fix CVE-2024-28757, CVE-2024-45490, CVE-2024-45491 and CVE-2024-45492.
- gh-118486: os.mkdir() on Windows now accepts mode of 0o700 to restrict the new directory to the current user. This fixes CVE-2024-4030 affecting tempfile.mkdtemp() in scenarios where the base temporary directory is more permissive than the default.
- gh-123067: Fix quadratic complexity in parsing "-quoted cookie values with backslashes by http.cookies. Fixes CVE-2024-7592.
- gh-113171: Fixed various false positives and false negatives in IPv4Address.is_private, IPv4Address.is_global, IPv6Address.is_private, IPv6Address.is_global. Fixes CVE-2024-4032.
- gh-67693: Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with path starting with multiple slashes and no authority. Fixes CVE-2015-2104.
- gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for python -i, as well as for python -m asyncio. The event in question is cpython.run_stdin.
- gh-122133: Authenticate the socket connection for the socket.socketpair() fallback on platforms where AF_UNIX is not available like Windows.
- gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers. That’s CVE-2024-6232.
- gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.
- gh-102988: email.utils.getaddresses() and email.utils.parseaddr() now return ('', '') 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional strict parameter to these two functions: use strict=False to get the old behavior, accept malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can be used to check if the strict parameter is available. This improves the CVE-2023-27043 fix.
- gh-123270: Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without breaking contents using legitimate characters. That’s CVE-2024-8088.
- gh-121650: email headers with embedded newlines are now quoted on output. The generator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. That’s CVE-2024-6923.
- gh-119690: Fixes data type confusion in audit events raised by _winapi.CreateFile and _winapi.CreateNamedPipe.
- gh-116773: Fix instances of <_overlapped.Overlapped object at 0xXXX> still has pending operation at deallocation, the process may crash.
- gh-112275: A deadlock involving pystate.c’s HEAD_LOCK in posixmodule.c at fork is now fixed.
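The gh-102988 entry above gives a feature check for strict address parsing; the following added example (not code from the release notes or from CPython) shows one way to use that check so a caller gets a single validated address on both patched and unpatched interpreters. The helper names `parse_single_address` and `classify`, the extra addr-spec policy check and the sample inputs are assumptions made for illustration.

```python
import email.utils

# Feature check quoted in the release notes: True only on interpreters that
# carry the gh-102988 change (strict parsing available and on by default).
STRICT_AVAILABLE = getattr(email.utils, "supports_strict_parsing", False)


def parse_single_address(value):
    """Return (display_name, addr_spec) when `value` holds exactly one
    plausible address, otherwise None.

    Hypothetical helper: it asks for strict parsing where the runtime
    offers it and falls back to counting parsed addresses where it does not.
    """
    if STRICT_AVAILABLE:
        # Patched runtimes return ('', '') for input they consider invalid,
        # which includes a value that parses to more than one address.
        name, addr = email.utils.parseaddr(value, strict=True)
    else:
        # Unpatched runtimes: parseaddr() would silently return the first
        # address of a list, so parse the whole value and insist on one.
        parsed = email.utils.getaddresses([value])
        if len(parsed) != 1:
            return None
        name, addr = parsed[0]

    # Local policy check (an assumption of this example, not stdlib
    # behaviour): exactly one '@', no whitespace, non-empty parts.
    if addr.count("@") != 1 or any(ch.isspace() for ch in addr):
        return None
    local, _, domain = addr.partition("@")
    if not local or not domain:
        return None
    return name, addr


# Constructed sample header values, for illustration only.
SAMPLES = [
    "Alice <alice@example.com>",
    "bob@example.com",
    "alice@example.com, mallory@example.net",
    "not-an-address",
    "",
]


def classify(samples):
    """Map each sample to its parse result (None means rejected)."""
    return {s: parse_single_address(s) for s in samples}


if __name__ == "__main__":
    print("strict parsing available:", STRICT_AVAILABLE)
    for raw, result in classify(SAMPLES).items():
        print(repr(raw), "->", result)
```

Treat a `None` result as a rejected header rather than retrying with strict=False, since that flag restores the old behaviour of accepting malformed inputs.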
Stay safe and upgrade!
Upgrading is highly recommended to all users of affected versions.
Thank you for your support
Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.
–
Łukasz Langa @ambv
on behalf of your friendly release team,
Ned Deily @nad
Steve Dower @steve.dower
Pablo Galindo Salgado @pablogsal
Łukasz Langa @ambv
Thomas Wouters @thomas