| Deutsch English Français Italiano |
|
<mailman.118.1710894902.3452.python-list@python.org> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!fu-berlin.de!uni-berlin.de!not-for-mail From: =?utf-8?Q?=C5=81ukasz_Langa?= <lukasz@langa.pl> Newsgroups: comp.lang.python Subject: [RELEASE] Python 3.10.14, 3.9.19, and 3.8.19 is now available Date: Wed, 20 Mar 2024 01:34:46 +0100 Lines: 175 Message-ID: <mailman.118.1710894902.3452.python-list@python.org> References: <6CA8C58A-3ABD-4F75-9357-D48FFCBFFDFC@langa.pl> Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6.1.1\)) Content-Type: multipart/signed; boundary="Apple-Mail=_E88D634E-85ED-49D6-BC1E-183309686103"; protocol="application/pgp-signature"; micalg=pgp-sha256 X-Trace: news.uni-berlin.de mjsZwxDyDNEGETXW2T1VogTCpgAp1WkL9LWKJFTNPW/w== Cancel-Lock: sha1:D9mZzl9zFC+/obdAsYxhRAi91QU= sha256:wsM2HVdbOwiAZTifO2V9wNy85i7tpqc+rUPWFSgg6zU= Return-Path: <lukasz@langa.pl> X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org Authentication-Results: mail.python.org; dkim=pass reason="2048-bit key; unprotected key" header.d=langa.pl header.i=@langa.pl header.b=tu3Zpn06; dkim-adsp=pass; dkim-atps=neutral X-Spam-Status: OK 0.001 X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'psf': 0.02; 'url- ip:140.82/16': 0.03; 'containing': 0.05; 'content- type:multipart/signed': 0.05; 'volunteers': 0.05; 'url:downloads': 0.07; 'python.': 0.08; '<>,': 0.09; 'content-type:application/pgp- signature': 0.09; 'fact,': 0.09; 'filename:fname piece:asc': 0.09; 'filename:fname piece:signature': 0.09; 'filename:fname:signature.asc': 0.09; 'macos': 0.09; 'manages': 0.09; 'ned': 0.09; 'pablo': 0.09; 'threads': 0.09; 'upgrading': 0.09; 'url-ip:151.101.0.223/32': 0.09; 'url- ip:151.101.128.223/32': 0.09; 'url-ip:151.101.192.223/32': 0.09; 'url-ip:151.101.64.223/32': 0.09; 'url-ip:184.105/16': 0.09; 'url:discuss': 0.09; 'url:release': 0.09; 'subject:Python': 0.12; 'url:github': 0.14; 'url-ip:140/8': 0.15; '<>:': 0.16; 'artifacts': 0.16; 'boring': 0.16; 'bus': 0.16; 'bypass': 0.16; 'cve': 0.16; 'deily': 0.16; 'ensuring': 0.16; 'first:': 0.16; 'galindo': 0.16; 'howdy!': 0.16; 'integer': 0.16; 'possible!': 0.16; 'psf\xe2\x80\x99s': 0.16; 'received:10.202': 0.16; 'received:10.202.2': 0.16; 'received:internal': 0.16; 'received:messagingengine.com': 0.16; 'releases': 0.16; 'respective': 0.16; 'salgado': 0.16; 'so-called': 0.16; 'triggered': 0.16; 'url:cpython': 0.16; 'wouters': 0.16; '\xc5\x81ukasz': 0.16; 'python': 0.16; 'developer': 0.16; 'github': 0.17; 'round': 0.19; 'server.': 0.19; 'to:addr:python- list': 0.20; 'subject:] ': 0.21; 'to:no real name:2**1': 0.22; 'thanks!': 0.24; 'anything': 0.25; 'programming': 0.25; 'certificate': 0.26; 'manager,': 0.26; 'local': 0.27; 'bit': 0.27; 'done': 0.28; 'fact': 0.28; 'foundation.': 0.28; 'computer': 0.29; 'sfxlen:2': 0.31; 'official': 0.32; 'actions': 0.32; 'downloads': 0.32; 'language.': 0.32; 'but': 0.32; 'windows': 0.34; 'release': 0.34; 'files': 0.36; 'built': 0.36; 'errors': 0.36; 'source': 0.36; 'those': 0.36; 'subject:[': 0.37; 'directory': 0.37; 'file': 0.38; 'put': 0.38; 'read': 0.38; 'thanks': 0.38; 'above': 0.62; 'python.org': 0.62; 'url-ip:151.101.0/24': 0.62; 'url- ip:151.101.128/24': 0.62; 'url-ip:151.101.192/24': 0.62; 'url- ip:151.101.64/24': 0.62; 'here': 0.62; 'url:u': 0.63; 'skip:b 10': 0.63; 'public': 0.63; 'from:charset:utf-8': 0.64; 'security': 0.64; 'our': 0.64; 'lock': 0.64; 'your': 0.64; 'his': 0.65; '&': 0.65; 'skip:t 20': 0.66; 'listed': 0.67; 'worked': 0.67; 'url-ip:18/8': 0.67; 'factor': 0.69; 'residence': 0.69; 'skip:\xe2 20': 0.69; 'store,': 0.69; 'url:news': 0.69; 'affected': 0.70; 'longer': 0.71; 'content': 0.72; 'url:t': 0.73; 'deal': 0.73; 'yourself': 0.75; 'skip:f 20': 0.75; 'exposed': 0.76; 'supposed': 0.76; '8bit%:30': 0.78; 'out,': 0.78; 'highly': 0.78; 'quality': 0.80; 'we\xe2\x80\x99ve': 0.81; 'url:media': 0.84; '<>).': 0.84; 'accurate.': 0.84; 'attribute': 0.84; 'became': 0.84; 'bounds': 0.84; 'factor.': 0.84; 'summarized': 0.84; 'that!': 0.84; 'time!': 0.84; 'url:08': 0.84; 'fixed.': 0.91; 'news,': 0.91; 'received:103': 0.91; 'central': 0.95; 'hidden': 0.95; 'to:addr :python-announce': 0.97 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=langa.pl; h=cc :content-type:content-type:date:date:from:from:in-reply-to :message-id:mime-version:reply-to:subject:subject:to:to; s=fm1; t=1710894899; x=1710981299; bh=OTiwV4pbTkLen/v5cyx3LDucB1JgfofQ ct35i34TbFM=; b=tu3Zpn06WMyLNOSs2FjHcpVa5cEMVI/PfnRu3L4Q5W9w7GPk YzKzsK2xzPwZHE82d6R+D5jWe6m0Za081GLeMg+aXQLJytC7MFTrO/KRgeeCb5Yz A6ssJc6Nnj5+btBTBbf31nXNus8iBTGv+dTwmUOe+x5erHKQkGddVWgP88jkSTmh ifAghTu7FylaUgRQmcI92K+zRMfNA1Bwumnj3lHu1/pYFojqlvBDbccAfc9XGda8 CNoLagnDRaSY51Nd8GR6a4ICBL6CjYGbWC7CukRdXHY2tPDSjtBIaq8V3PcajS8N OOG+414sgruL6GYQfPNZZiFAGg+oe3QXJobDIQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:message-id :mime-version:reply-to:subject:subject:to:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t= 1710894899; x=1710981299; bh=OTiwV4pbTkLen/v5cyx3LDucB1JgfofQct3 5i34TbFM=; b=G0MupT0gw9ZrhCNRnPwYmNshwisibPTvRrSwNELcpyYXeK2ELMt JWlvDryeZtDXbORZGHG2YyK9OOo+yZH9SFf7L1WiHEfnjmrnDOlL7+tHyuli+6BU tAGYB0S1U5n4BipjoHRu6zp5rbqIPrga8501Ldmn3uN0V/DuivrEjS3JAp5TwlfO xebj4AePMGH7CkG/bwhbmbRKqWSncfB7mDV/mJXypH9gZlVsQ3Jgw+DOqcXiCJNd wOF8p4BXrnq8NGi6PKJ7gO89dgkA4SLt/dQRiCCaV7VsCBuIr1Xb7h++rABSGS7/ cbaNaUCREzILyFcwsQG/TkuezPzy7si5O8Q== X-ME-Sender: <xms:My_6ZaNeboXnsrov8k9dK59xKrF5lZ7ahOpcrV8LWC71JQWk8yUMSg> <xme:My_6ZY_ZPtn-8GcXR8fu6IGJBJLSz-eompdNwF6MaUSgy1kHGnKdpCbdBgOVbnxWk 9HTR2nxHV9cgIQ> X-ME-Received: <xmr:My_6ZRR0bYAx_fPN5nyyBNH4eXvw1nadPWhTfHXIuDeszcFc8o-UiaxyCLtzOfvO1QzLYTyjk94hmA> X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrledugddvhecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhephfgtggfukfffvffosehgtdhmrehhtd ejnecuhfhrohhmpefnuhhkrghsiicunfgrnhhgrgcuoehluhhkrghsiieslhgrnhhgrgdr phhlqeenucggtffrrghtthgvrhhnpeefvedvudfgieelheeitdeiieekieegleffieeigf evhfekfeekueegudehuddvteenucffohhmrghinhepphihthhhohhnrdhorhhgpdhgihht hhhusgdrtghomhdptghvvgdrohhrghenucevlhhushhtvghrufhiiigvpedtnecurfgrrh grmhepmhgrihhlfhhrohhmpehluhhkrghsiieslhgrnhhgrgdrphhl X-ME-Proxy: <xmx:My_6ZavQN6TnK_QBeImpihP9KnmzDH6L3reRIa_xiG9MQXNLOE0jQw> <xmx:My_6ZSc_JfVH16qAcPCTDhdEH_nkVnXlEpkrVM3AKmmu8TGyso8zAg> <xmx:My_6Ze2Jc2IwrDNwHoB_ld1PnLdnjJsY0Qcx0yDT4_wVc0JoFwG00w> <xmx:My_6ZW85NthtriOoTSw4lX6LVwfGo19aEhmvaLs7tB9vjfyxdgKlVg> <xmx:My_6ZS5geHs74f5ncLjQCNtiJ7aPlAQJpIBcZyOF4zGrpKk5yBvk4g> Feedback-ID: i8e7440be:Fastmail X-Mailer: Apple Mail (2.3731.700.6.1.1) X-Content-Filtered-By: Mailman/MimeDel 2.1.39 X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.39 Precedence: list List-Id: General discussion list for the Python programming language <python-list.python.org> List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe> List-Archive: <https://mail.python.org/pipermail/python-list/> List-Post: <mailto:python-list@python.org> List-Help: <mailto:python-list-request@python.org?subject=help> List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe> X-Mailman-Original-Message-ID: <6CA8C58A-3ABD-4F75-9357-D48FFCBFFDFC@langa.pl> Bytes: 15733 --Apple-Mail=_E88D634E-85ED-49D6-BC1E-183309686103 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Howdy! Those are the boring security releases that aren=E2=80=99t supposed to = bring anything new. But not this time! We do have a bit of news, = actually. But first things first: go update your systems! = <https://discuss.python.org/t/python-3-10-14-3-9-19-and-3-8-19-is-now-avai= lable/48993#python-31014-1>Python 3.10.14 Get it here: Python Release Python 3.10.14 = <https://www.python.org/downloads/release/python-31014/> 26 commits since last release. = <https://discuss.python.org/t/python-3-10-14-3-9-19-and-3-8-19-is-now-avai= lable/48993#python-3919-2>Python 3.9.19 Get it here: Python Release Python 3.9.19 = <https://www.python.org/downloads/release/python-3919/> 26 commits since last release. = <https://discuss.python.org/t/python-3-10-14-3-9-19-and-3-8-19-is-now-avai= lable/48993#python-3819-3>Python 3.8.19 Get it here: Python Release Python 3.8.19 = <https://www.python.org/downloads/release/python-3819/> 28 commits since last release. = <https://discuss.python.org/t/python-3-10-14-3-9-19-and-3-8-19-is-now-avai= lable/48993#security-content-in-this-release-4>Security content in this = release gh-115399 <https://github.com/python/cpython/issues/115399> & gh-115398 = <https://github.com/python/cpython/issues/115398>: bundled libexpat was = updated to 2.6.0 to address CVE-2023-52425 = <https://www.cve.org/CVERecord?id=3DCVE-2023-52425>, and control of the = new reparse deferral functionality was exposed with new APIs. Thanks to = Sebastian Pipping, the maintainer of libexpat, who worked with us = directly on incorporating those fixes! gh-109858 <https://github.com/python/cpython/issues/109858>: zipfile is = now protected from the =E2=80=9Cquoted-overlap=E2=80=9D zipbomb to = address CVE-2024-0450 <https://www.cve.org/CVERecord?id=3DCVE-2024-0450>. = It now raises BadZipFile when attempting to read an entry that overlaps = with another entry or central directory gh-91133 <https://github.com/python/cpython/issues/91133>: = tempfile.TemporaryDirectory cleanup no longer dereferences symlinks when = working around file system permission errors to address CVE-2023-6597 = <https://www.cve.org/CVERecord?id=3DCVE-2023-6597> gh-115197 <https://github.com/python/cpython/issues/115197>: = urllib.request no longer resolves the hostname before checking it = against the system=E2=80=99s proxy bypass list on macOS and Windows gh-81194 <https://github.com/python/cpython/issues/81194>: a crash in = socket.if_indextoname() with a specific value (UINT_MAX) was fixed. = Relatedly, an integer overflow in socket.if_indextoname() on 64-bit = non-Windows platforms was fixed gh-113659 <https://github.com/python/cpython/issues/113659>: .pth files = with names starting with a dot or containing the hidden file attribute = are now skipped gh-102388 <https://github.com/python/cpython/issues/102388>: = iso2022_jp_3 and iso2022_jp_2004 codecs no longer read out of bounds gh-114572 <https://github.com/python/cpython/issues/114572>: = ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now = correctly lock access to the certificate store, when the ssl.SSLContext = is shared across multiple threads ========== REMAINDER OF ARTICLE TRUNCATED ==========