1. Forum
  2. Newsgroups
  3. comp.lang.python.announce

  • [Python-announce] [RELEASE] Python 3.11.4, 3.10.12, 3.9.17, 3.8.17, 3.7.17, and 3.12.0 beta 2 are now available

    From =?utf-8?Q?=C5=81ukasz_Langa?=@lukasz@langa.pl to comp.lang.python.announce on Wed Jun 7 08:58:19 2023
    From Newsgroup: comp.lang.python.announce


    --Apple-Mail=_94B2530A-B517-4255-BC6B-1CE17E2CDB32
    Content-Transfer-Encoding: quoted-printable
    Content-Type: text/plain;
    charset=utf-8

    Greetings! Time for another combined release of six separate versions of = Python!

    =
    <https://discuss.python.org/t/python-3-11-4-3-10-12-3-9-17-3-8-17-3-7-17-a= nd-3-12-0-beta-2-are-now-availble/27477#before-you-scroll-away-to-the-down= load-links-1>Before you scroll away to the download links

    Please test the 3.12 beta! Downloading it and trying it out helps us a =
    lot in ensuring Python 3.12.0 will be as polished as possible.

    We welcome 3.10 to the prestigious club of security-only releases. = It=E2=80=99s officially an old version of Python now! If you haven=E2=80=99=
    t rewritten all your if:elif:else:s with pattern matching yet, are you =
    even still writing Python?

    At the same time, it looks like 3.7 is reaching end-of-life. Unless =
    another security release happens in June, 3.7.17 will be the final =
    release of Python 3.7. I mean, now that I typed it out for all you to =
    read, I=E2=80=99m sure I jinxed it. But in case I didn=E2=80=99t, I =
    would like to thank Ned Deily for serving as the release manager of =
    Python 3.6 and Python 3.7. He was my mentor as Release Manager, and =
    continues serving Python as the provider of Mac installers for new =
    releases. Thank you, Ned!

    Speaking of installers, Steve Dower used to be the sole provider of =
    Windows installers for Python releases for years now. His secret was a = well-automated Azure pipeline that let him build, sign, and publish =
    releases with minimal manual effort. Now he extended the power to press =
    the blue =E2=80=9CRun pipeline=E2=80=9D button to more members of the =
    team. Thank you, Steve! This is an important bus factor increment. In =
    fact, the Windows installers for both 3.12.0b2 and 3.11.4 were made by = meinitiated by me = <https://dev.azure.com/Python/cpython/_build/results?buildId=3D129764&view= =3Dresults>. If there=E2=80=99s anything wrong with them, well, I guess =
    that means I pressed the button wrong.

    =
    <https://discuss.python.org/t/python-3-11-4-3-10-12-3-9-17-3-8-17-3-7-17-a= nd-3-12-0-beta-2-are-now-availble/27477#security-fixes-in-todays-releases-= 2>Security fixes in today=E2=80=99s releases

    Updating is recommended due to security content:

    3.7 - 3.12: gh-103142 <https://github.com/python/cpython/issues/103142>: =
    The version of OpenSSL used in Windows and Mac installers has been =
    upgraded to 1.1.1u to address CVE-2023-2650, CVE-2023-0465, =
    CVE-2023-0466, CVE-2023-0464, as well as CVE-2023-0286, CVE-2022-4303, =
    and CVE-2022-4303 fixed previously in 1.1.1t (gh-101727).
    3.7 - 3.11: gh-102153 <https://github.com/python/cpython/issues/102153>: = urllib.parse.urlsplit() now strips leading C0 control and space =
    characters following the specification for URLs defined by WHATWG in =
    response to CVE-2023-24329.
    3.7 - 3.11: gh-99889 <https://github.com/python/cpython/issues/99889>: =
    Fixed a security in flaw in uu.decode() that could allow for directory = traversal based on the input if no out_file was specified.
    3.7 - 3.11: gh-104049 <https://github.com/python/cpython/issues/104049>: =
    Do not expose the local on-disk location in directory indexes produced =
    by http.client.SimpleHTTPRequestHandler.
    3.7 - 3.11: gh-101283 <https://github.com/python/cpython/issues/101283>: = subprocess.Popen now uses a safer approach to find cmd.exe when =
    launching with shell=3DTrue.
    3.8 - 3.11: gh-103935 <https://github.com/python/cpython/issues/103935>: = trace.__main__ now uses io.open_code() for files to be executed instead =
    of raw open().
    3.8 - 3.11: gh-102953 <https://github.com/python/cpython/issues/102953>: =
    The extraction methods in tarfile, and shutil.unpack_archive(), have a =
    new filterargument that allows limiting tar features than may be =
    surprising or dangerous, such as creating files outside the destination = directory. See Extraction filters = <https://docs.python.org/3/library/tarfile.html#extraction-filters> for = details.
    3.9: gh-102126 <https://github.com/python/cpython/issues/102126>: Fixed =
    a deadlock at shutdown when clearing thread states if any finalizer =
    tries to acquire the runtime head lock.
    3.9: gh-100892 <https://github.com/python/cpython/issues/100892>: Fixed =
    a crash due to a race while iterating over thread states in clearing = threading.local.
    Python 3.12.0 beta 2

    Get it here: 3.12.0b2 = <https://www.python.org/downloads/release/python-3120b2/>
    116 new commits since 3.12.0 beta 1.

    Python 3.11.4

    Get it here: 3.11.4 =
    <https://www.python.org/downloads/release/python-3114/>
    233 new commits.

    Python 3.10.12

    Get it here: 3.10.12 =
    <https://www.python.org/downloads/release/python-31012/>
    Security-only release with no binaries. 20 new commits.

    Python 3.9.17

    Get it here: 3.9.17 =
    <https://www.python.org/downloads/release/python-3917/>
    Security-only release with no binaries. 26 commits.

    Python 3.8.17

    Get it here: 3.8.17 =
    <https://www.python.org/downloads/release/python-3817/>
    Security-only release with no binaries. 24 commits.

    Python 3.7.17

    Get it here as it might be the last release of 3.7 ever = <https://peps.python.org/pep-0537/>:
    3.7.17 <https://www.python.org/downloads/release/python-3717/>
    Security-only release with no binaries. 21 commits.

    We hope you enjoy the new releases!

    Thanks to all of the many volunteers who help make Python Development =
    and these releases possible! Please consider supporting our efforts by = volunteering yourself or through organization contributions to the =
    Python Software Foundation <https://www.python.org/psf/>.

    =E2=80=93
    =C5=81ukasz Langa @ambv <https://discuss.python.org/u/ambv>
    on behalf of your friendly release team,

    Ned Deily @nad <https://discuss.python.org/u/nad>
    Steve Dower @steve.dower <https://discuss.python.org/u/steve.dower>
    Pablo Galindo Salgado @pablogsal =
    <https://discuss.python.org/u/pablogsal>
    =C5=81ukasz Langa @ambv <https://discuss.python.org/u/ambv>
    Thomas Wouters @thomas <https://discuss.python.org/u/thomas>

    --Apple-Mail=_94B2530A-B517-4255-BC6B-1CE17E2CDB32
    Content-Transfer-Encoding: 7bit
    Content-Disposition: attachment;
    filename=signature.asc
    Content-Type: application/pgp-signature;
    name=signature.asc
    Content-Description: Message signed with OpenPGP

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCAAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmSAKosACgkQsmmV4xAl BWgZSg//TtPNe5VLopMjKQhLx6jIaqaLkuQynV/LF7v1qlpD5dnwZv6oJttQm+3u ke1owN5BskDk/+dUtKaqt6FXT8Kav2kJAd14qYMwQCas1M3vPsX9jqX73qmPfeyo NQSpXjqfIlWFNb6OGPK3DIK6u3O0N/qqva9Y/OIpYIW+SiIWxRdIYazfQ2YhR9bS eGwmaixq+l8Zv7WKfgIreict8HVYOZoTU4D1mzWxhiDqvtKs7LWAsEG4JLg3/GXt jGf6naH2sU4fZNTNrYiZA7dDXNX3A3f3u1o/1R2u009V7W4/6RLqadwfSfG+fFNp u25pOVSNYWccgsxSYjVN2c6FTrrz0YblijHEn4gdu0cecxnmVF+kDCfmSH4I1LeY xpFkM6MRz+AxePKHSwATAEsvbXIfWAlMiYm6fjlEE+zKFKV/Zm2uHlaXRi2HUb+L YV0stsu7HwthySw0U82qX9GvGYts8QJVzPnq2RUkskcH4900MPeMOufYEwdOoT3z EOQE6AU5uGrN4UEhI+ArwvUVo9Qwx4khGtRrDzFlgRYJ+AByXNnX2IAJA9rDRMKM 4AUCdvsCLYDBHGNkVmtVVqa1zBclStlISnY0a7r3nfg+86R2OL/2d5t0bUJ0NMW6 gwQnpopumAvuDpQ4Jdy34JrHLMa2Qe8/r/clgXXM/U7Es6jTtxs=
    =lbUM
    -----END PGP SIGNATURE-----

    --Apple-Mail=_94B2530A-B517-4255-BC6B-1CE17E2CDB32--
    --- Synchronet 3.20a-Linux NewsLink 1.114