惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Schneier on Security
The Register - Security
The Register - Security
月光博客
月光博客
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
The GitHub Blog
The GitHub Blog
博客园 - 司徒正美
罗磊的独立博客
U
Unit 42
S
SegmentFault 最新的问题
Y
Y Combinator Blog
博客园_首页
Hugging Face - Blog
Hugging Face - Blog
J
Java Code Geeks
Schneier on Security
Schneier on Security
Know Your Adversary
Know Your Adversary
C
Check Point Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Simon Willison's Weblog
Simon Willison's Weblog
V
Vulnerabilities – Threatpost
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
阮一峰的网络日志
阮一峰的网络日志
The Hacker News
The Hacker News
博客园 - 叶小钗
C
Cybersecurity and Infrastructure Security Agency CISA
Spread Privacy
Spread Privacy
L
LINUX DO - 热门话题
T
The Exploit Database - CXSecurity.com
P
Palo Alto Networks Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Latest news
Latest news
L
Lohrmann on Cybersecurity
A
About on SuperTechFans
L
LangChain Blog
Stack Overflow Blog
Stack Overflow Blog
S
Securelist
A
Arctic Wolf
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
Threatpost
Scott Helme
Scott Helme
博客园 - 聂微东
博客园 - 【当耐特】
T
Tenable Blog
I
Intezer
D
DataBreaches.Net
B
Blog RSS Feed
Security Latest
Security Latest
C
Cisco Blogs
T
Tor Project blog
N
Netflix TechBlog - Medium

Python Insider

Packaging Council Inaugural Election Dates | Python Insider Mitigated API authentication bypass for python.org download metadata | Python Insider Python 3.15.0 beta 3 is here! | Python Insider Python 3.14.6 and 3.13.14 are now available! | Python Insider Python 3.15.0 beta 2 is here! | Python Insider Python 3.14.5 is out! | Python Insider Python 3.15.0 beta 1 is here! | Python Insider Python 3.14.5 release candidate | Python Insider Rust for CPython Progress Update April 2026 | Python Insider Python 3.15.0a8, 3.14.4 and 3.13.13 are out! | Python Insider Python 3.15's JIT is now back on track | Python Insider Python 3.15.0 alpha 7 | Python Insider CPython: 36 Years of Source Code | Python Insider Python 3.12.13, 3.11.15 and 3.10.20 are now available! | Python Insider The Python Insider Blog Has Moved! | Python Insider Join the Python Security Response Team! | Python Insider Python 3.15.0 alpha 6 | Python Insider Python 3.14.3 and 3.13.12 are now available! | Python Insider Python 3.15.0 alpha 5 (yes, another alpha!) | Python Insider Python 3.15.0 alpha 4 | Python Insider Python 3.15.0 alpha 3 | Python Insider Python 3.14.2 and 3.13.11 are now available! | Python Insider Python 3.13.10 is now available, too, you know! | Python Insider Python 3.14.1 is now available! | Python Insider Python 3.15.0 alpha 2 | Python Insider Python 3.15.0 alpha 1 | Python Insider Python 3.13.9 is now available! | Python Insider Python 3.12.12, 3.11.14, 3.10.19 and 3.9.24 are now available! | Python Insider Python 3.13.8 is now available | Python Insider Python 3.14.0 (final) is here! | Python Insider Python 3.14.0rc3 is go! | Python Insider Python 3.14.0rc2 and 3.13.7 are go! | Python Insider Python 3.13.6 is now available | Python Insider Python 3.14 release candidate 1 is go! | Python Insider Python 3.14.0 beta 4 is here! | Python Insider Python 3.14.0 beta 3 is here! | Python Insider Python 3.13.5 is now available! | Python Insider Python 3.14.0 beta 2 is here! | Python Insider Python 3.14.0 beta 1 is here! | Python Insider Python 3.14.0a7, 3.13.3, 3.12.10, 3.11.12, 3.10.17 and 3.9.22 are now available | Python Insider Python 3.14.0 alpha 6 is out | Python Insider Python 3.14.0 alpha 5 is out | Python Insider Python 3.13.2 and 3.12.9 now available! | Python Insider Python 3.14.0 alpha 4 is out | Python Insider Python 3.14.0 alpha 3 is out | Python Insider Python 3.13.1, 3.12.8, 3.11.11, 3.10.16 and 3.9.21 are now available | Python Insider Python 3.14.0 alpha 2 released | Python Insider Python 3.14.0 alpha 1 is now available | Python Insider Python 3.13.0 (final) released | Python Insider Python 3.12.7 released | Python Insider Python 3.13.0 release candidate 3 released | Python Insider Python 3.13.0RC2, 3.12.6, 3.11.10, 3.10.15, 3.9.20, and 3.8.20 are now available! | Python Insider Python 3.12.5 released | Python Insider Python 3.13.0 release candidate 1 released | Python Insider Python 3.13.0 beta 4 released | Python Insider Python 3.13.0 beta 3 released | Python Insider Python 3.12.4 released | Python Insider
Python 3.13.4, 3.12.11, 3.11.13, 3.10.18 and 3.9.23 are now available | Python Insider
2025-06-03 · via Python Insider

Python Release Party

It was only meant to be release day for 3.13.4 today, but poor number 13 looked so lonely… And hey, we had a couple of tarfile CVEs that we had to fix. So most of the Release Managers and all the Developers-in-Residence (including Security Developer-in-Residence Seth Michael Larson) came together to make it a full release party.

Security content in these releases

  • gh-135034: Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links.Addresses CVE 2024-12718, CVE 2025-4138, CVE 2025-4330, and CVE 2025-4517.
  • gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-“strict” error handler.
  • gh-128840: Short-circuit the processing of long IPv6 addresses early in to prevent excessive memory consumption and a minor denial-of-service.

In addition to the security fixed mentioned above, a few additional changes to the ipaddress were backported to make the security fixes feasible. (See the full changelogs for each release for more details.)

Python 3.13.4

In addition to the security fixes, the fourth maintenance release of Python 3.13 contains more than 300 bugfixes, build improvements and documentation changes.

python.org/downloads/release/python-3134

Python 3.12.11

python.org/downloads/release/python-31211

Python 3.11.13

python.org/downloads/release/python-31113

Python 3.10.18

python.org/downloads/release/python-31018

Python 3.9.23

Additional security content in this release (already fixed in older releases for the other versions):

  • gh-80222: Fix bug in the folding of quoted strings when flattening an email message using a modern email policy. Previously when a quoted string was folded so that it spanned more than one line, the surrounding quotes and internal escapes would be omitted. This could theoretically be used to spoof header lines using a carefully constructed quoted string if the resulting rendered email was transmitted or re-parsed.

python.org/downloads/release/python-3923

Stay safe and upgrade!

As always, upgrading is highly recommended to all users of affected versions.

Enjoy the new releases

Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.

Regards from your very tired tireless release team,
Thomas Wouters
Pablo Galindo Salgado
Łukasz Langa
Ned Deily
Steve Dower