Python Releases Urgent Patches: Version 3.14.2 and 3.13.11 Address Regressions and Security Flaws
Just days after the previous releases, the Python team has rolled out two more updates: Python 3.14.2 and Python 3.13.11. These expedited versions focus on fixing regressions discovered in the latest maintenance updates and include several security patches. This rapid response underscores the project's commitment to stability and user safety.
Python 3.14.2
Python 3.14.2 is the second maintenance release of the 3.14 series, bringing 18 bugfixes, build improvements, and documentation changes since version 3.14.1. However, the primary goal is to address critical regressions that affected multiprocessing, dataclasses, dictionary insertion, and regular expressions. Below are the specific issues resolved:
Resolved Regressions
- gh-142206 — Exceptions in
multiprocessingwhen upgrading Python while programs are running. - gh-142214 — Exceptions in
dataclassesthat lack an__init__method. - gh-142218 — Segmentation faults and assertion failures in the
insertdictfunction. - gh-140797 — Crashes when using multiple capturing groups in
re.Scanner.
Security Fixes
- gh-142145 — Removed quadratic behavior in node ID cache clearing, addressing CVE-2025-12084.
- gh-119452 — Fixed a potential virtual memory allocation denial of service in
http.server.
Download Python 3.14.2 from the official release page. For a complete list of changes, see the full changelog.
Python 3.13.11
Python 3.13.11 is the eleventh maintenance release of the 3.13 series. Like its counterpart, this version was expedited to fix regressions and bolster security. The updates mirror many of the 3.14.2 fixes, with additional security enhancements for http.client.
Resolved Regressions
- gh-142206 — Exceptions in
multiprocessingduring Python upgrades. - gh-142218 — Segmentation faults and assertion failures in
insertdict. - gh-140797 — Crashes in
re.Scannerwith multiple capturing groups.
Security Fixes
- gh-142145 — Quadratic-to-linear cache clearing (CVE-2025-12084).
- gh-119451 — Fix for a potential denial of service in
http.client. - gh-119452 — Fix for a potential virtual memory allocation denial of service in
http.server.
Download Python 3.13.11 from the official release page. Review the full changelog for details.
Acknowledgments and Community Support
The Python team extends heartfelt thanks to the numerous volunteers who contribute to Python development and these releases. Their dedication ensures that the language remains robust, secure, and up-to-date. If you or your organization would like to support these efforts, consider donating to the Python Software Foundation or getting involved as a volunteer.
Release team: Hugo van Kemenade, Thomas Wouters, Ned Deily, Steve Dower, and Łukasz Langa
Stay tuned for future updates and happy coding!
Related Articles
- Decoding the Identity Paradox: Why Trusted Credentials Are Your Biggest Threat
- Trusted IT Tools Exposed as Primary Attack Vector in New Cybersecurity Analysis
- Defending Against Hypersonic Supply Chain Attacks: A Step-by-Step Guide to Stopping Unknown Payloads
- Cyber Threat Digest: Key Incidents and Vulnerabilities from Early May
- LayerZero's Costly Oversight: The $292M Kelp Hack Explained
- Foxconn Cyberattack Exposes Tech Giants' Secrets; Apple Data Remains Secure
- Understanding and Defending Against npm Supply Chain Attacks: A Q&A Guide
- How to Protect Your Systems from Zero-Day Threats Like Those Exposed at Pwn2Own Berlin 2026