Thursday, March 24, 2022

Python 3.10.4 and 3.9.12 are now available out of schedule

Did anybody say cursed releases? Well, it turns out that 3.10.3 and 3.9.11 both shipped a regression which caused those versions not to build on Red Hat Enterprise Linux 6. While this 11-year-old version is now out of maintenance support, it’s still used in production workloads. Some of those rely on Python 3.9 and/or 3.10. In particular, our own manylinux2010 image used to build widely compatible Linux wheels is based on CentOS 6. (Don’t worry, we do have newer manylinux* variants, see PEP 599 and PEP 600 for details.)

Due to the out-of-schedule release, the respective versions released today contain a very limited set of changes. Python 3.9.12 only contains 12 other bug fixes on top of 3.9.11. Python 3.10.4 only contains 10 other bug fixes on top of 3.10.3.

Get 3.10.4 here: Python Release Python 3.10.4 | Python.org
Get 3.9.12 here: Python Release Python 3.9.12 | Python.org

Hopefully, the third time’s a charm and we’ll return no sooner than May with the regularly scheduled bug fix releases of 3.9 and 3.10.

We hope you enjoy the new releases

Your friendly release team,
Łukasz Langa @ambv
Pablo Galindo Salgado @pablogsal
Ned Deily @nad
Steve Dower @steve.dower

Wednesday, March 16, 2022

Python 3.10.3, 3.9.11, 3.8.13, and 3.7.13 are now available with security content

Welcome again to the exciting world of releasing new Python versions!

Last time around I was complaining about cursed releases. This time around I could complain about security content galore and how one of them ruined my ingenious idea to release Python on Pi Day and call it Py Day. Well, you can’t have everything in life. Or at least not everything at once.

And yet it seems this time around we’ve got a lot of security fixes all at once. Just look at this list:

  • 15 (sic!) CVEs: libexpat upgraded from 2.4.1 to 2.4.7 (BPO-46794, BPO-46932, BPO-46811, BPO-46784, BPO-46400)
  • CVE-2022-0778: OpenSSL upgraded from 1.1.1l to 1.1.1n in macOS and Windows installers (BPO-47024)
  • CVE-2016-3189, CVE-2019-12900: bzip2 upgraded from 1.0.6 to 1.0.8 in Windows installers (BPO-44549)
  • CVE-2022-26488: Windows installer now ensures the correct path is being repaired when “Add to PATH” is used (BPO-46948)
  • CVE-2021-28363: bundled pip upgraded from 21.2.4 to 22.0.4 (BPO-46985)
  • authorization bypass fixed in urllib.request (BPO-46756)
  • REDoS avoided in importlib.metadata (BPO-46474)
  • SQLite upgraded from 3.36.0 to 3.37.2 in macOS and Windows installers (BPO-45925)

Python 3.10.3

Get it here: https://www.python.org/downloads/release/python-3103/

Python 3.10.3 is the third maintenance release of the newest version of the Python programming language, which contains many new features and optimizations. We recommend it over the other releases listed below.

This is a large bugfix release with 220 commits since 3.10.2. Just look at the change log!

The next maintenance release of Python 3.10 is planned for early June.

Python 3.9.11

Get it here: https://www.python.org/downloads/release/python-3911/

This is the penultimate planned full bugfix release of Python 3.9. In mid-May, we’ll be releasing the last one, after which the 3.9 series will enter its security-only fixes period. More details in PEP 596.

Python 3.9 is the first Python version since 2.7 to have a regular bugfix release larger than “.10”. It’s also still a significant release at 163 commits since 3.9.10. That’s in fact 30+ commits more than between 3.9.9 and 3.9.10. The change log isn’t as long as the 3.10.3 one but it’s still pretty extensive!

As a reminder, on macOS, the default installer is now the new universal2 variant. It’s compatible with Mac OS X 10.9 and newer, including macOS 11 Big Sur and macOS 12 Monterey. Python installed with this variant will work natively on Apple Silicon processors.

Python 3.8.13

Get it here: https://www.python.org/downloads/release/python-3813/

Changes here are almost exclusively security-only as the life cycle of Python versions prescribes. You might have noticed there is a small number of regular bug fixes nonetheless. This is because without those we wouldn’t be able to continue running the full test suite for the 3.8 branch. This in turn could hide regressions in future security fixes.

Python 3.7.13

Get it here: https://www.python.org/downloads/release/python-3713/

Just like 3.8, Python 3.7 is in its security-only fixes period. In turn, the changes in 3.7.13 look almost identical to the ones in 3.8.13.

Python 3.7 will continue to receive source-only releases until June 2023.

We hope you enjoy the new releases

Your friendly release team,
Łukasz Langa @ambv
Pablo Galindo Salgado @pablogsal
Ned Deily @nad
Steve Dower @steve.dower

Monday, March 7, 2022

Python 3.11.0a6 is available

There are no easy releases these days! :sweat: After a week of delay due to several release blockers, buildbot problems and pandemic-related difficulties here is 3.11.0a6 for you to test.

https://www.python.org/downloads/release/python-3110a6/

Major new features of the 3.11 series, compared to 3.10

Among the new major new features and changes so far:

  • PEP 657 – Include Fine-Grained Error Locations in Tracebacks
  • PEP 654 –  Exception Groups and except*
  • PEP 673 –   Self Type
  • PEP 646 –  Variadic Generics
  • The Faster Cpython Project is already yielding some exciting results: this version of CPython 3.11 is ~19% faster on the geometric mean of the performance benchmarks, compared to 3.10.0.
  • (Hey, fellow core developer, if a feature you find important is missing from this list, let Pablo know.)

The next pre-release of Python 3.11 will be 3.11.0a7, currently scheduled for Tuesday, 2022-04-05.

More resources

And now for something completely different

In astrophysics and nuclear physics, nuclear pasta is a theoretical type of degenerate matter that is postulated to exist within the crusts of neutron stars. If it does in fact exist, nuclear pasta is the strongest material in the universe. Between the surface of a neutron star and the quark-gluon plasma at the core, at matter densities of 1014 g/cm3, nuclear attraction and Coulomb repulsion forces are of similar magnitude. The competition between the forces leads to the formation of a variety of complex structures assembled from neutrons and protons. Astrophysicists call these types of structures nuclear pasta because the geometry of the structures resembles various types of pasta.

There are several phases of evolution (I swear these names are real), including the gnocchi phase, the spaghetti phase, the lasagna phase, the bucatini phase and the Swiss cheese phase.

We hope you enjoy the new releases!

Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.