Python 3.11.5, 3.10.13, 3.9.18, and 3.8.18 is now available

There’s security content in the releases, let’s dive right in.

• gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. Security issue reported as CVE-2023-40217 1 by Aapo Oksman. Patch by Gregory P. Smith.

Upgrading is highly recommended to all users of affected versions.

Python 3.11.5

Get it here: https://www.python.org/downloads/release/python-3115/

This release was held up somewhat by the resolution of this CVE, which is why it includes a whopping 328 new commits since 3.11.4 (compared to 238 commits between 3.10.4 and 3.10.5). Among those, there is a fix for CVE-2023-41105 which affected Python 3.11.0 - 3.11.4. See gh-106242 for details.

There are also some fixes for crashes, check out the change log to see all information.

Most importantly, the release notes on the downloads page include a description of the Larmor precession. I understood some of the words there!

Python 3.10.13

Get it here: https://www.python.org/downloads/release/python-31013/

16 commits.

Python 3.9.18

Get it here: https://www.python.org/downloads/release/python-3918/

11 commits.

Python 3.8.18

Get it here: https://www.python.org/downloads/release/python-3818/

9 commits.

Stay safe and upgrade!

Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.

–
Łukasz Langa @ambv
on behalf of your friendly release team,

Ned Deily @nad
Steve Dower @steve.dower
Pablo Galindo Salgado @pablogsal
Łukasz Langa @ambv
Thomas Wouters @thomas

Python 3.12.0 release candidate 1 released

 

 I'm pleased to announce the release of Python 3.12 release candidate 1.

https://www.python.org/downloads/release/python-3120rc1/

This is the first release candidate of Python 3.12.0

This release, 3.12.0rc1, is the penultimate release preview. Entering the release candidate phase, only reviewed code changes which are clear bug fixes are allowed between this release candidate and the final release. The second candidate (and the last planned release preview) is scheduled for Monday, 2023-09-04, while the official release of 3.12.0 is scheduled for Monday, 2023-10-02.

There will be no ABI changes from this point forward in the 3.12 series, and the goal is that there will be as few code changes as possible.

Call to action

We strongly encourage maintainers of third-party Python projects to prepare their projects for 3.12 compatibilities during this phase, and where necessary publish Python 3.12 wheels on PyPI to be ready for the final release of 3.12.0. Any binary wheels built against Python 3.12.0rc1 will work with future versions of Python 3.12. As always, report any issues to the Python bug tracker.

Please keep in mind that this is a preview release and while it’s as close to the final release as we can get it, its use is not recommended for production environments.

Core developers: time to work on documentation now

• Are all your changes properly documented?
• Are they mentioned in What’s New?
• Did you notice other changes you know of to have insufficient documentation?

Major new features of the 3.12 series, compared to 3.11

New features

• More flexible f-string parsing, allowing many things previously disallowed (PEP 701).
• Support for the buffer protocol in Python code (PEP 688).
• A new debugging/profiling API (PEP 669).
• Support for isolated subinterpreters with separate Global Interpreter Locks (PEP 684).
• Even more improved error messages. More exceptions potentially caused by typos now make suggestions to the user.
• Support for the Linux perf profiler to report Python function names in traces.
• Many large and small performance improvements (like PEP 709), delivering an estimated 5% overall performance improvement^{citation needed}.

Type annotations

• New type annotation syntax for generic classes (PEP 695).
• New override decorator for methods (PEP 698).

Deprecations

• The deprecated wstr and wstr_length members of the C implementation of unicode objects were removed, per PEP 623.
• In the unittest module, a number of long deprecated methods and classes were removed. (They had been deprecated since Python 3.1 or 3.2).
• The deprecated smtpd and distutils modules have been removed (see PEP 594 and PEP 632. The setuptools package continues to provide the distutils module.
• A number of other old, broken and deprecated functions, classes and methods have been removed.
• Invalid backslash escape sequences in strings now warn with SyntaxWarning instead of DeprecationWarning, making them more visible. (They will become syntax errors in the future.)
• The internal representation of integers has changed in preparation for performance enhancements. (This should not affect most users as it is an internal detail, but it may cause problems for Cython-generated code.)

(Hey, fellow core developer, if a feature you find important is missing from this list, let Thomas know.)

For more details on the changes to Python 3.12, see What’s new in Python 3.12. The next pre-release of Python 3.12 will be 3.12.0rc2, the final release candidate, currently scheduled for 2023-09-04.

More resources

• Online Documentation.
• PEP 693, the Python 3.12 Release Schedule.
• Report bugs via GitHub Issues.
• Help fund Python and its community.

Enjoy the new release

Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.

Your release team,

Thomas Wouters

Ned Deily

Steve Dower

Łukasz Langa