From Newsgroup: comp.lang.python.announce


--Apple-Mail=_FE73287C-6F69-4333-9206-7E4BB262BBF2
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=utf-8

Welcome again to the exciting world of releasing new Python versions!

Last time around I was complaining about cursed releases = <https://discuss.python.org/t/python-3-10-2-3-9-10-and-3-11-0a4-are-now-av= ailable/13146>. This time around I could complain about security content = galore and how one of them = <https://mta.openssl.org/pipermail/openssl-announce/2022-March/000216.html=

ruined my ingenious idea to release Python on Pi Day and call it Py =

Day = <https://discuss.python.org/t/py-day-is-coming-a-joint-security-release-sp= ree-for-python-3-7-3-8-3-9-and-3-10-on-march-14th/14109>. Well, you = can=E2=80=99t have everything in life. Or at least not everything at =
once.

And yet it seems this time around we=E2=80=99ve got a lot of security =
fixes all at once. Just look at this list:

15 (sic!) CVEs: libexpat upgraded from 2.4.1 to 2.4.7 (BPO-46794 = <https://bugs.python.org/issue46794>, BPO-46932 = <https://bugs.python.org/issue46932>, BPO-46811 = <https://bugs.python.org/issue46811>, BPO-46784 = <https://bugs.python.org/issue46784>, BPO-46400 = <https://bugs.python.org/issue46400>)
CVE-2022-0778: OpenSSL upgraded from 1.1.1l to 1.1.1n in macOS and =
Windows installers (BPO-47024 <https://bugs.python.org/issue47024>) CVE-2016-3189, CVE-2019-12900: bzip2 upgraded from 1.0.6 to 1.0.8 in =
Windows installers (BPO-44549 <https://bugs.python.org/issue44549>) CVE-2022-26488: Windows installer now ensures the correct path is being = repaired when =E2=80=9CAdd to PATH=E2=80=9D is used (BPO-46948 = <https://bugs.python.org/issue46948>)
CVE-2021-28363: bundled pip upgraded from 21.2.4 to 22.0.4 (BPO-46985 = <https://bugs.python.org/issue46985>)
authorization bypass fixed in urllib.request (BPO-46756 = <https://bugs.python.org/issue46756>)
REDoS avoided in importlib.metadata (BPO-46474 = <https://bugs.python.org/issue46474>)
SQLite upgraded from 3.36.0 to 3.37.2 in macOS and Windows installers = (BPO-45925 <https://bugs.python.org/issue45925>)
=
<https://discuss.python.org/t/python-3-10-3-3-9-11-3-8-13-and-3-7-13-are-n= ow-available-with-security-content/14353#python-3103-1>Python 3.10.3

Get it here: https://www.python.org/downloads/release/python-3103/ = <https://www.python.org/downloads/release/python-3103/>
Python 3.10.3 is the third maintenance release of the newest version of =
the Python programming language, which contains many new features and = optimizations. We recommend it over the other releases listed below.

This is a large bugfix release with 220 commits since 3.10.2. Just look =
at the change log = <https://docs.python.org/release/3.10.3/whatsnew/changelog.html>!

The next maintenance release of Python 3.10 is planned for early June.

=
<https://discuss.python.org/t/python-3-10-3-3-9-11-3-8-13-and-3-7-13-are-n= ow-available-with-security-content/14353#python-3911-2>Python 3.9.11

Get it here: https://www.python.org/downloads/release/python-3911/ = <https://www.python.org/downloads/release/python-3911/>
This is the penultimate planned full bugfix release of Python 3.9. In = mid-May, we=E2=80=99ll be releasing the last one, after which the 3.9 =
series will enter its security-only fixes period. More details in PEP =
596 <https://www.python.org/dev/peps/pep-0596/>.

Python 3.9 is the first Python version since 2.7 to have a regular =
bugfix release larger than =E2=80=9C.10=E2=80=9D. It=E2=80=99s also =
still a significant release at 163 commits since 3.9.10. That=E2=80=99s =
in fact 30+ commits more than between 3.9.9 and 3.9.10. The change log = <https://docs.python.org/release/3.9.11/whatsnew/changelog.html> isn=E2=80= =99t as long as the 3.10.3 one but it=E2=80=99s still pretty extensive!

As a reminder, on macOS, the default installer is now the new universal2 = variant. It=E2=80=99s compatible with Mac OS X 10.9 and newer, including = macOS 11 Big Sur and macOS 12 Monterey. Python installed with this =
variant will work natively on Apple Silicon processors.

=
<https://discuss.python.org/t/python-3-10-3-3-9-11-3-8-13-and-3-7-13-are-n= ow-available-with-security-content/14353#python-3813-3>Python 3.8.13

Get it here: https://www.python.org/downloads/release/python-3813/ = <https://www.python.org/downloads/release/python-3813/>
Changes <https://docs.python.org/release/3.8.13/whatsnew/changelog.html> =
here are almost exclusively security-only as the life cycle of Python = versions prescribes. You might have noticed there is a small number of = regular bug fixes nonetheless. This is because without those we = wouldn=E2=80=99t be able to continue running the full test suite for the =
3.8 branch. This in turn could hide regressions in future security =
fixes.

=
<https://discuss.python.org/t/python-3-10-3-3-9-11-3-8-13-and-3-7-13-are-n= ow-available-with-security-content/14353#python-3713-4>Python 3.7.13

Get it here: https://www.python.org/downloads/release/python-3713/ = <https://www.python.org/downloads/release/python-3713/>
Just like 3.8, Python 3.7 is in its security-only fixes period. In turn, =
the changes in 3.7.13 = <https://docs.python.org/release/3.7.13/whatsnew/changelog.html> look =
almost identical to the ones in 3.8.13.

Python 3.7 will continue to receive source-only releases until June =
2023.


=
<https://discuss.python.org/t/python-3-10-3-3-9-11-3-8-13-and-3-7-13-are-n= ow-available-with-security-content/14353#we-hope-you-enjoy-the-new-release= s-5>We hope you enjoy the new releases

Your friendly release team,
=C5=81ukasz Langa @ambv <https://discuss.python.org/u/ambv>
Pablo Galindo Salgado @pablogsal =
<https://discuss.python.org/u/pablogsal>
Ned Deily @nad <https://discuss.python.org/u/nad>
Steve Dower @steve.dower <https://discuss.python.org/u/steve.dower>

--Apple-Mail=_FE73287C-6F69-4333-9206-7E4BB262BBF2
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmIyDE4ACgkQsmmV4xAl BWgRbBAAkuFqNLq4cZ7MT/hveh+bbfOIn7jnZ4TrhlxxRpZSPgK9HM760/iEAgBg x9sm6mGFCw+5wuAik2zR+1PMg6wIvvOT29ig0aVS7/CaWegAumXvo+8+ZTecUs/B PuamCGMjFslVVQPeqHQpYq3Ozys50IvSdKJAQ5WnLNNyvlsBrYQdNByc/2qSrF0g O4M/fgXF6c3FT1V/x98DVvptvLT7edb0kch0bl7pYVSxI5JLhqrgUsaqB7qOP97c b2RJRF0cGDvuEU1Rai8hkxWuvJ4b4p0+b3mjReup2E3FgGzJavzL/hwWgi1YnOEp Ywy9lV8XytMi9KhRHnGgweW7olDu1Orn3NJ5l3iQN1TnZsOl1tVaprMoE/GGEvlq Q67NAyTyQMZuh1jjBcFgeb5Aiwm6GvooP6tGqILoDRlOUZk+7EBHHRapIchh3HZs HFFBP4ivwexjpy1aTNc9G+Z/3eXaZp9Effi/jI3h6JhCs0/gD7J7BFLoH5WDzZMB gVud5Nuq1WgANfal7aatD3c/+exQCq9TaPGtnxzuBYOsnb8VY4gD9U1vOr/ZNrwE FwZJfl/yW++m1qZ7KhiDCD+soCsQyRmN9WOgbkd44mo4WVowtjl67XTTvpTl5H4c 8RTJngzu60CkArB3U/b30GjQYTjWnFGGNTOXGzA2JgqxBFdUPG8=
=U37F
-----END PGP SIGNATURE-----

--Apple-Mail=_FE73287C-6F69-4333-9206-7E4BB262BBF2--
--- Synchronet 3.19c-Linux NewsLink 1.113