Python Issues Emergency Releases 3.14.2 and 3.13.11 to Fix Critical Regressions and Security Vulnerabilities
Python Releases Expedited Patches for Critical Regressions
Just three days after the last update, the Python team has rolled out emergency releases 3.14.2 and 3.13.11, addressing severe regressions and security flaws. The updates are recommended for all users, especially those running multiprocessing or HTTP servers.
According to the release team, "We discovered these regressions and security issues soon after the previous releases. An expedited fix was necessary to maintain stability and security." — Hugo van Kemenade, Python release manager.
Key Regressions Fixed
The expedited releases target four major regressions that could cause crashes or unexpected behavior:
- Exceptions in multiprocessing when upgrading Python (gh-142206)
- Exceptions in dataclasses without
__init__method (gh-142214) - Segmentation faults and assertion failures in insertdict (gh-142218)
- Crash when using multiple capturing groups in re.Scanner (gh-140797)
Security Fixes Included
Both releases also patch several security vulnerabilities, including a critical node ID cache clearing flaw (CVE-2025-12084) and denial of service risks in http.server and http.client.
- Remove quadratic behavior in node ID cache clearing (gh-142145, CVE-2025-12084)
- Fix potential virtual memory allocation denial of service in http.server (gh-119452)
- Fix potential denial of service in http.client (gh-119451 — 3.13.11 only)
Background
Python 3.14.2 is the second maintenance release of the 3.14 series, containing 18 bugfixes, build improvements, and documentation changes since 3.14.1. Python 3.13.11 is the eleventh maintenance release of the 3.13 branch.
The team emphasized that these are expedited releases driven by the discovery of regressions shortly after the previous updates. The swift turnaround underscores the importance of maintaining stability in the core language.
What This Means
Python users, particularly those relying on multiprocessing and HTTP services, should upgrade immediately to avoid crashes and potential security exploits. The fixes for CVE-2025-12084 address a quadratic performance issue that could be triggered remotely.
For organizations managing Python deployments, this release signals the need for rapid patch cycles. The community is urged to test their applications against the new versions and update their environments as soon as possible.
Download links:
The Python Software Foundation thanks all volunteers and contributors. For full changelogs, see the official release pages.
Related Articles
- The Trapdoor Android Ad Fraud Scheme: 10 Critical Facts You Need to Know
- How Schools Can Fortify Cybersecurity After the Canvas Breach
- How to Fortify Your Organization in the Age of AI-Driven Vulnerability Discovery
- Navigating AI Governance: Lessons from the Musk-OpenAI Legal Battle
- 10 Essential Insights into How an Oil Refinery Transforms Crude Oil into Modern Essentials
- April 2026 Patch Tuesday: Record-Breaking Updates Address Active Exploits and AI-Driven Vulnerabilities
- Defend Against the CopyFail Linux Vulnerability: A Step-by-Step Guide
- How to Leverage AI for Zero-Day Discovery: Lessons from Firefox's 271 Vulnerability Hunt