[RELEASE] Python 2.7.7

Benjamin Peterson benjamin at python.org
Mon Jun 2 01:02:03 CEST 2014


I'm happy to announce the immediate availability of Python 2.7.7. Python
2.7.7 is a regularly scheduled bugfix release for the Python 2.7 series.
This release includes months of accumulated bugfixes. All the changes in
Python 2.7.7 are described in detail in the Misc/NEWS file of the source
tarball. You can view it online at

    http://hg.python.org/cpython/raw-file/f89216059edf/Misc/NEWS

The 2.7.7 release also contains fixes for two severe, if arcane,
potential security vulnerabilities. The first was the possibility of
reading arbitrary process memory using JSONDecoder.raw_decode. [1] (No
other json APIs are affected.) The second security issue is an integer
overflow in the strop module. [2] (You actually have no reason
whatsoever to use the strop module.) Another security note for 2.7.7 is
that the release includes a backport from Python 3 of
hmac.compare_digest. This begins the implementation of PEP 466, Network
Security Enhancements for Python 2.7.x.

Downloads are at

    https://python.org/download/releases/2.7.7/

This is a production release. As always, please report bugs to

    http://bugs.python.org/

Build great things,
Benjamin Peterson
2.7 Release Manager
(on behalf of all of Python's contributors)

[1] http://bugs.python.org/issue21529
[2] http://bugs.python.org/issue21530


More information about the Python-announce-list mailing list