Python Issues Emergency Releases 3.14.2 and 3.13.11 to Fix Critical Regressions and Security Vulnerabilities

Last updated: 2026-05-01 08:45:44 · Cybersecurity

Python Releases Expedited Patches for Critical Regressions

Just three days after the last update, the Python team has rolled out emergency releases 3.14.2 and 3.13.11, addressing severe regressions and security flaws. The updates are recommended for all users, especially those running multiprocessing or HTTP servers.

According to the release team, "We discovered these regressions and security issues soon after the previous releases. An expedited fix was necessary to maintain stability and security." — Hugo van Kemenade, Python release manager.

Key Regressions Fixed

The expedited releases target four major regressions that could cause crashes or unexpected behavior:

  • Exceptions in multiprocessing when upgrading Python (gh-142206)
  • Exceptions in dataclasses without __init__ method (gh-142214)
  • Segmentation faults and assertion failures in insertdict (gh-142218)
  • Crash when using multiple capturing groups in re.Scanner (gh-140797)

Security Fixes Included

Both releases also patch several security vulnerabilities, including a critical node ID cache clearing flaw (CVE-2025-12084) and denial of service risks in http.server and http.client.

  • Remove quadratic behavior in node ID cache clearing (gh-142145, CVE-2025-12084)
  • Fix potential virtual memory allocation denial of service in http.server (gh-119452)
  • Fix potential denial of service in http.client (gh-119451 — 3.13.11 only)

Background

Python 3.14.2 is the second maintenance release of the 3.14 series, containing 18 bugfixes, build improvements, and documentation changes since 3.14.1. Python 3.13.11 is the eleventh maintenance release of the 3.13 branch.

The team emphasized that these are expedited releases driven by the discovery of regressions shortly after the previous updates. The swift turnaround underscores the importance of maintaining stability in the core language.

What This Means

Python users, particularly those relying on multiprocessing and HTTP services, should upgrade immediately to avoid crashes and potential security exploits. The fixes for CVE-2025-12084 address a quadratic performance issue that could be triggered remotely.

For organizations managing Python deployments, this release signals the need for rapid patch cycles. The community is urged to test their applications against the new versions and update their environments as soon as possible.
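For teams auditing a fleet, the following is an added example (not code from the Python release team or from this article's source): it classifies interpreter version strings against the fixed releases named above, 3.14.2 and 3.13.11. The host names and the inventory line format are constructed for illustration, and branches the article does not discuss are reported as not covered.

```python
import re

# Fixed micro version per branch, taken from this article.
PATCHED = {(3, 14): 2, (3, 13): 11}

# Accepts forms such as "Python 3.13.9", "3.14.0rc2" and "3.14.1+".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)((?:a|b|rc)\d+)?")


def classify(version_text):
    """Return 'patched', 'upgrade', 'not-covered' or 'unparseable'."""
    m = _VERSION_RE.search(version_text)
    if not m:
        return "unparseable"
    major, minor, micro = (int(g) for g in m.group(1, 2, 3))
    fixed_micro = PATCHED.get((major, minor))
    if fixed_micro is None:
        return "not-covered"  # branch not discussed in the article
    if micro != fixed_micro:
        # "3.14.1+" (a build made after 3.14.1) is still treated as unpatched.
        return "patched" if micro > fixed_micro else "upgrade"
    # Same micro: a pre-release tag such as rc1 predates the final release.
    return "upgrade" if m.group(4) else "patched"


def audit(inventory):
    """Map host -> status; each line is '<host> <python --version output>'."""
    report = {}
    for line in inventory.strip().splitlines():
        host, _, version_text = line.strip().partition(" ")
        report[host] = classify(version_text)
    return report


# Constructed sample inventory (hypothetical hosts).
SAMPLE = """\
web-01 Python 3.14.1
web-02 Python 3.14.2
batch-01 Python 3.13.9
batch-02 Python 3.13.11
build-01 Python 3.14.1+
legacy-01 Python 3.12.12
edge-01 python: command not found
"""

if __name__ == "__main__":
    import sys
    print("this interpreter:", classify(sys.version))
    for host, status in audit(SAMPLE).items():
        print(f"{host:10} {status}")
```
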

The Python Software Foundation thanks all volunteers and contributors. For full changelogs, see the official release pages.