Python 3.7.4rc1 (and 3.6.9rc1) cutoffs ahead, now set for 2019-06-17
https://discuss.python.org/t/python-3-7-4rc1-and-3-6-9rc1-cutoffs-ahead-now-... A reminder: it is time for the next quarterly maintenance release of Python 3.7. The cutoff for **3.7.4rc1** had been scheduled for this coming Monday (2019-06-10) but many of us have been focused on feature code off for 3.8.0, which just took place a few days ago (yay!). So, to give us all a bit more time to attend to 3.7.x matters, I have moved the code cutoff a week, to **Monday 2019-06-17** by the end of day AOE. Please review open issues and ensure that any that you believe need to be addressed in 3.7.4 are either resolved or marked as a **release blocker**. Any assistance you can provide in helping resolve issues will be greatly appreciated! Following the rc1 cutoff, changes merged to the 3.7 branch will be released in 3.7.5 three months from now unless you mark the issue as a release blocker prior to **3.7.4 final**, planned for release on **2019-06-28**, and explain why the change should be cherry-picked into the final release. I am also scheduling for the same dates the rc1 and final releases of Python **3.6.9**, which is the first 3.6 security-fix-only source release since its final bugfix release, 3.6.8, six months ago. If there are any open security issues that you feel should be backported to 3.6, please get them in before its cutoff on **2019-06-17** AoE. Thanks to everyone who has been helping to ensure the continued success of Python 3.6 and 3.7! Our users truly appreciate it and are showing their confidence in us by the rapid adoption of these latest releases. Onward! P.S. I have recently updated the 3.7.x release schedule in PEP 537 to show tentative release dates for the rest of 3.7's bugfix phase. Like with 3.6, we plan to continue having 3.7.x bugfix releases every three months until 2020-06-27, two years after the initial release of 3.7.0. At that point, 3.7.x will enter its security-fix-only phase for an additional three years. https://www.python.org/dev/peps/pep-0537/ -- Ned Deily nad@python.org -- []
On Jun 6, 2019, at 01:43, Ned Deily <nad@python.org> wrote:
https://discuss.python.org/t/python-3-7-4rc1-and-3-6-9rc1-cutoffs-ahead-now-... [...] Following the rc1 cutoff, changes merged to the 3.7 branch will be released in 3.7.5 three months from now unless you mark the issue as a release blocker prior to **3.7.4 final**, planned for release on **2019-06-28**, and explain why the change should be cherry-picked into the final release.
Update: 3.7.4 final is delayed at least a few days A few last minute release blocker issues were identified shortly before 3.7.4 final was about to tagged as planned on 2019-06-28, in particular, a couple of TLS 1.3 issues which are of particular importance since we are migrating Windows and macOS installers to OpenSSL 1.1.1 with this release. We are now on hold awaiting resolutions for the remaining items and then we will need to decide whether another release candidate is needed. I am hopeful we will be able to proceed by Monday 2019-07-01; I will keep you updated. And thanks for your help! -- Ned Deily nad@python.org -- []
On 29/06/2019 21.53, Ned Deily wrote:
On Jun 6, 2019, at 01:43, Ned Deily <nad@python.org> wrote:
https://discuss.python.org/t/python-3-7-4rc1-and-3-6-9rc1-cutoffs-ahead-now-... [...] Following the rc1 cutoff, changes merged to the 3.7 branch will be released in 3.7.5 three months from now unless you mark the issue as a release blocker prior to **3.7.4 final**, planned for release on **2019-06-28**, and explain why the change should be cherry-picked into the final release.
Update: 3.7.4 final is delayed at least a few days
A few last minute release blocker issues were identified shortly before 3.7.4 final was about to tagged as planned on 2019-06-28, in particular, a couple of TLS 1.3 issues which are of particular importance since we are migrating Windows and macOS installers to OpenSSL 1.1.1 with this release. We are now on hold awaiting resolutions for the remaining items and then we will need to decide whether another release candidate is needed. I am hopeful we will be able to proceed by Monday 2019-07-01; I will keep you updated. And thanks for your help!
Thanks Ned! the issues are related to TLS 1.3 and client cert authentication. TLS 1.3 dropped renegotiation in favor of rekeying and post-handshake authentication. PHA is required for conditional authentication in HTTP, e.g. when a server only requires authentication for some paths or request methods. PR https://github.com/python/cpython/pull/14421 fixes a regression in my PHA code for Python's ssl module. OpenSSL behaves slightly differently than documented. SSLContext.post_handshake_auth = True also enabled server cert validation. Alex has reviewed the PR but likes to have a second opinion. PR https://github.com/python/cpython/pull/14448 enables PHA for http.client. Christian
participants (2)
-
Christian Heimes
-
Ned Deily