There’s security content in the releases, let’s dive right in.
ssl.SSLSocket
were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. Security issue reported as CVE-2023-40217 1 by Aapo Oksman. Patch by Gregory P. Smith.Upgrading is highly recommended to all users of affected versions.
Get it here: https://www.python.org/downloads/release/python-3115/
This release was held up somewhat by the resolution of this CVE, which is why it includes a whopping 328 new commits since 3.11.4 (compared to 238 commits between 3.10.4 and 3.10.5). Among those, there is a fix for CVE-2023-41105which affected Python 3.11.0 - 3.11.4. See gh-106242 for details.
There are also some fixes for crashes, check out the change log to see all information.
Most importantly, the release notes on the downloads page include a description of the Larmor precession. I understood some of the words there!
Get it here: https://www.python.org/downloads/release/python-31013/
16 commits.
Get it here: https://www.python.org/downloads/release/python-3918/
11 commits.
Get it here: https://www.python.org/downloads/release/python-3818/
9 commits.
Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.
--
Łukasz Langa @ambv
on behalf of your friendly release team,
Ned Deily @nad
Steve Dower @steve.dower
Pablo Galindo Salgado @pablogsal
Łukasz Langa @ambv
Thomas Wouters @thomas