Forum: >>> Magnum BBS <<<

Re: [Python-Dev] Python 3.11.2, 3.10.10

From Pablo Galindo Salgado@21:1/5 to All on Sat Feb 18 11:33:04 2023

Apologies!
It seems that I added python-comitters and python-announce but forgot to
add python-dev. Here is the email to python-announce:

[1]Mailman 3 [RELEASE]
Python 3.11.2, Python
3.10.10 and 3.12.0 alpha 5
are available - [2]favicon.ico
Python-announce-list -
python.org
mail.python.org

Apologies for the confusion!
Regards from cloudy London,
Pablo Galindo Salgado
Pablo Galindo Salgado

On 18 Feb 2023, at 11:14, אורי <uri@speedy.net> wrote:

Hi,
I was surprised that Python 3.11.2 and 3.10.10 have been released
without a notice to this mailing list. What happened?
Thanks,
Uri.
אורי
[3]uri@speedy.net
On Wed, Dec 7, 2022 at 1:03 AM Łukasz Langa <[4]lukasz@langa.pl> wrote:

Greetings! We bring you a slew of releases this fine Saint Nicholas /
Sinterklaas day. Six simultaneous releases has got to be some record.
There’s one more record we broke this time, you’ll see below.

In any case, updating is recommended due to security content:

3.7 - 3.12: gh-98739
<[5]https://github.com/python/cpython/issues/98739>: Updated bundled
libexpat to 2.5.0 to fix CVE-2022-43680
<[6]https://nvd.nist.gov/vuln/detail/CVE-2022-43680> (heap
use-after-free).
3.7 - 3.12: gh-98433
<[7]https://github.com/python/cpython/issues/98433>: The IDNA codec
decoder used on DNS hostnames by socket or asyncio related name
resolution functions no longer involves a quadratic algorithm to fix
CVE-2022-45061 <[8]https://nvd.nist.gov/vuln/detail/CVE-2022-45061>.
This prevents a potential CPU denial of service if an out-of-spec
excessive length hostname involving bidirectional characters were
decoded. Some protocols such as urllib http 3xx redirects potentially
allow for an attacker to supply such a name.
3.7 - 3.12: gh-100001
<[9]https://github.com/python/cpython/issues/100001>: python -m
http.server no longer allows terminal control characters sent within a
garbage request to be printed to the stderr server log.
3.8 - 3.12: gh-87604
<[10]https://github.com/python/cpython/issues/87604>: Avoid publishing
list of active per-interpreter audit hooks via the gc module.
3.9 - 3.10 (already released in 3.11+ before): gh-97514
<[11]https://github.com/python/cpython/issues/97514>: On Linux the
multiprocessing module returns to using filesystem backed unix domain
sockets for communication with the forkserver process instead of the
Linux abstract socket namespace. Only code that chooses to use the
“forkserver” start method is affected. This prevents Linux
CVE-2022-42919 <[12]https://nvd.nist.gov/vuln/detail/CVE-2022-42919>
(potential privilege escalation) as abstract sockets have no
permissions and could allow any user on the system in the same network
namespace (often the whole system) to inject code into the
multiprocessing forkserver process. This was a potential privilege
escalation. Filesystem based socket permissions restrict this to the
forkserver process user as was the default in Python 3.8 and earlier.
3.7 - 3.10: gh-98517
<[13]https://github.com/python/cpython/issues/98517>: Port XKCP’s fix
for the buffer overflows in SHA-3 to fix CVE-2022-37454
<[14]https://nvd.nist.gov/vuln/detail/CVE-2022-37454>.
3.7 - 3.9 (already released in 3.10+ before): gh-68966
<[15]https://github.com/python/cpython/issues/68966>: The deprecated
mailcap module now refuses to inject unsafe text (filenames, MIME
types, parameters) into shell commands to address CVE-2015-20107
<[16]https://nvd.nist.gov/vuln/detail/CVE-2015-20107>. Instead of
using such text, it will warn and act as if a match was not found (or
for test commands, as if the test failed).
<[17]https://discuss.python.org/t/python-3-11-1-3-10-9-3-9-16-3-8-16-3-7-16-and-3-12-0-alpha-3-are-now-available/21724#python-3120-alpha-3-1>Python
3.12.0 alpha 3

Get it here, read the change log, sing a GPT-3-generated Sinterklaas
song:

[18]https://www.python.org/downloads/release/python-3120a3/
<[19]https://www.python.org/downloads/release/python-3120a3/>

216 new commits since 3.12.0 alpha 2 last month.

<[20]https://discuss.python.org/t/python-3-11-1-3-10-9-3-9-16-3-8-16-3-7-16-and-3-12-0-alpha-3-are-now-available/21724#python-3111-2>Python
3.11.1

Get it here, see the change log, read the recipe for quark soup:

[21]https://www.python.org/downloads/release/python-3111/
<[22]https://www.python.org/downloads/release/python-3111/>

A whopping 495 new commits since 3.11.0. This is a massive increase of
changes comparing to 3.10 at the same stage in the release cycle:
there were “only” 339 commits between 3.10.0 and 3.10.1.

<[23]https://discuss.python.org/t/python-3-11-1-3-10-9-3-9-16-3-8-16-3-7-16-and-3-12-0-alpha-3-are-now-available/21724#python-3109-3>Python
3.10.9

Get it here, read the change log, see circular patterns:

[24]https://www.python.org/downloads/release/python-3109/
<[25]https://www.python.org/downloads/release/python-3109/>

165 new commits.

<[26]https://discuss.python.org/t/python-3-11-1-3-10-9-3-9-16-3-8-16-3-7-16-and-3-12-0-alpha-3-are-now-available/21724#python-3916-4>Python
3.9.16

Get it here, read the change log, consider upgrading to a newer
version:

[27]https://www.python.org/downloads/release/python-3916/
<[28]https://www.python.org/downloads/release/python-3916/>

Security-only release with no binaries. 10 commits.

<[29]https://discuss.python.org/t/python-3-11-1-3-10-9-3-9-16-3-8-16-3-7-16-and-3-12-0-alpha-3-are-now-available/21724#python-3816-5>Python
3.8.16

Get it here, see the change log, definitely upgrade to a newer
version:

[30]https://www.python.org/downloads/release/python-3816/
<[31]https://www.python.org/downloads/release/python-3816/>

Security-only release with no binaries. 9 commits.

<[32]https://discuss.python.org/t/python-3-11-1-3-10-9-3-9-16-3-8-16-3-7-16-and-3-12-0-alpha-3-are-now-available/21724#python-3716-6>Python
3.7.16

Get it here, read the change log, check PEP 537
<[33]https://peps.python.org/pep-0537/>to confirm EOL is coming to
this version in June 2023:

[34]https://www.python.org/downloads/release/python-3716/
<[35]https://www.python.org/downloads/release/python-3716/>

Security-only release with no binaries. 8 commits.

<[36]https://discuss.python.org/t/python-3-11-1-3-10-9-3-9-16-3-8-16-3-7-16-and-3-12-0-alpha-3-are-now-available/21724#we-hope-you-enjoy-the-new-releases-7>We
hope you enjoy the new releases!

Thanks to all of the many volunteers who help make Python Development
and these releases possible! Please consider supporting our efforts by
volunteering yourself or through organization contributions to the
Python Software Foundation.

[37]https://www.python.org/psf/ <[38]https://www.python.org/psf/>
Your friendly release team,

Ned Deily @nad <[39]https://discuss.python.org/u/nad>
Steve Dower @steve.dower
<[40]https://discuss.python.org/u/steve.dower>
Pablo Galindo Salgado @pablogsal
<[41]https://discuss.python.org/u/pablogsal>
Łukasz Langa @ambv <[42]https://discuss.python.org/u/ambv>
Thomas Wouters @thomas <[43]https://discuss.python.org/u/thomas>
--
[44]https://mail.python.org/mailman/listinfo/python-list

_______________________________________________
Python-Dev mailing list -- python-dev@python.org
To unsubscribe send an email to python-dev-leave@python.org
https://mail.python.org/mailman3/lists/python-dev.python.org/
Message archived at
https://mail.python.org/archives/list/python-dev@python.org/message/DK4YRRKBC4KLBNUY6VHLZ5Q6LWFWM3KY/
Code of Conduct: http://python.org/psf/codeofconduct/

References

Visible links
1. https://mail.python.org/archives/list/python-announce-list@python.org/thread/P4JHHHAAO4L4KFZQ6PX5J3JRPAZUXJWJ/
2. https://mail.python.org/archives/list/python-announce-list@python.org/thread/P4JHHHAAO4L4KFZQ6PX5J3JRPAZUXJWJ/
3. mailto:uri@speedy.net
4. mailto:lukasz@langa.pl
5. https://github.com/python/cpython/issues/98739
6. https://nvd.nist.gov/vuln/detail/CVE-2022-43680
7. https://github.com/python/cpython/issues/98433
8. https://nvd.nist.gov/vuln/detail/CVE-2022-45061
9. https://github.com/python/cpython/issues/100001
10. https://github.com/python/cpython/issues/87604
11. https://github.com/python/cpython/issues/97514
12. https://nvd.nist.gov/vuln/detail/CVE-2022-42919
13. https://github.com/python/cpython/issues/98517
14. https://nvd.nist.gov/vuln/detail/CVE-2022-37454
15. https://github.com/python/cpython/issues/68966
16. https://nvd.nist.gov/vuln/detail/CVE-2015-20107
17. https://discuss.python.org/t/python-3-11-1-3-10-9-3-9-16-3-8-16-3-7-16-and-3-12-0-alpha-3-are-now-available/21724#python-3120-alpha-3-1
18. https://www.python.org/downloads/release/python-3120a3/
19. https://www.python.org/downloads/release/python-3120a3/
20. https://discuss.python.org/t/python-3-11-1-3-10-9-3-9-16-3-8-16-3-7-16-and-3-12-0-alpha-3-are-now-available/21724#python-3111-2
21. https://www.python.org/downloads/release/python-3111/
22. https://www.python.org/downloads/release/python-3111/
23. https://discuss.python.org/t/python-3-11-1-3-10-9-3-9-16-3-8-16-3-7-16-and-3-12-0-alpha-3-are-now-available/21724#python-3109-3
24. https://www.python.org/downloads/release/python-3109/
25. https://www.python.org/downloads/release/python-3109/
26. https://discuss.python.org/t/python-3-11-1-3-10-9-3-9-16-3-8-16-3-7-16-and-3-12-0-alpha-3-are-now-available/21724#python-3916-4
27. https://www.python.org/downloads/release/python-3916/
28. https://www.python.org/downloads/release/python-3916/
29. https://discuss.python.org/t/python-3-11-1-3-10-9-3-9-16-3-8-16-3-7-16-and-3-12-0-alpha-3-are-now-available/21724#python-3816-5
30. https://www.python.org/downloads/release/python-3816/
31. https://www.python.org/downloads/release/python-3816/
32. https://discuss.python.org/t/python-3-11-1-3-10-9-3-9-16-3-8-16-3-7-16-and-3-12-0-alpha-3-are-now-available/21724#python-3716-6
33. https://peps.python.org/pep-0537/
34. https://www.python.org/downloads/release/python-3716/
35. https://www.python.org/downloads/release/python-3716/
36. https://discuss.python.org/t/python-3-11-1-3-10-9-3-9-16-3-8-16-3-7-16-and-3-12-0-alpha-3-are-now-available/21724#we-hope-you-enjoy-the-new-releases-7
37. https://www.python.org/psf/
38. https://www.python.org/psf/
39. https://discuss.python.org/u/nad
40. https://discuss.python.org/u/steve.dower
41. https://discuss.python.org/u/pablogsal
42. https://discuss.python.org/u/ambv
43. https://discuss.python.org/u/thomas
44. https://mail.python.org/mailman/listinfo/python-list

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Who's Online
Recent Visitors
- Gretchiie
  Wed Sep 17 08:54:03 2025
  from Derry, Nh via Telnet
- Bob Worm
  Wed Sep 17 08:43:18 2025
  from Wales, Uk via Telnet
- Bob Worm
  Wed Sep 17 08:14:37 2025
  from Wales, Uk via Telnet
- Volatile_Memory
  Wed Sep 17 07:20:57 2025
  from Des Moines, Iowa via SSH
- Volatile_Memory
  Wed Sep 17 07:17:26 2025
  from Des Moines, Iowa via SSH
- Bob Worm
  Tue Sep 16 21:01:27 2025
  from Wales, Uk via Telnet
- Bob Worm
  Tue Sep 16 15:15:42 2025
  from Wales, Uk via Telnet
- Gretchiie
  Tue Sep 16 05:20:21 2025
  from Derry, Nh via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	546
Nodes:	16 (2 / 14)
Uptime:	55:00:05
Calls:	10,397
Calls today:	5
Files:	14,067
Messages:	6,417,420
Posted today:	1

Re: [Python-Dev] Python 3.11.2, 3.10.10

Who's Online

Recent Visitors

System Info