[Python-Dev] [RELEASE] Python 2.7.7
Benjamin Peterson
benjamin at python.org
Mon Jun 2 01:02:03 CEST 2014
I'm happy to announce the immediate availability of Python 2.7.7. Python
2.7.7 is a regularly scheduled bugfix release for the Python 2.7 series.
This release includes months of accumulated bugfixes. All the changes in
Python 2.7.7 are described in detail in the Misc/NEWS file of the source
tarball. You can view it online at
http://hg.python.org/cpython/raw-file/f89216059edf/Misc/NEWS
The 2.7.7 release also contains fixes for two severe, if arcane,
potential security vulnerabilities. The first was the possibility of
reading arbitrary process memory using JSONDecoder.raw_decode. [1] (No
other json APIs are affected.) The second security issue is an integer
overflow in the strop module. [2] (You actually have no reason
whatsoever to use the strop module.) Another security note for 2.7.7 is
that the release includes a backport from Python 3 of
hmac.compare_digest. This begins the implementation of PEP 466, Network
Security Enhancements for Python 2.7.x.
Downloads are at
https://python.org/download/releases/2.7.7/
This is a production release. As always, please report bugs to
http://bugs.python.org/
Build great things,
Benjamin Peterson
2.7 Release Manager
(on behalf of all of Python's contributors)
[1] http://bugs.python.org/issue21529
[2] http://bugs.python.org/issue21530
More information about the Python-Dev
mailing list