[Python-Dev] [RELEASE] Python 3.6.3 is now available

Victor Stinner victor.stinner at gmail.com
Tue Oct 3 16:56:26 EDT 2017


Hi,

Good news: Python 3.6.3 has no more known security vulnerabilities ;-)

Python 3.6.3 fixes two security vulnerabilities:

"urllib FTP protocol stream injection"
https://python-security.readthedocs.io/vuln/urllib_ftp_protocol_stream_injection.html

"Expat 2.2.3" (don't impact Linux, since Linux distros use the system
expat library)
https://python-security.readthedocs.io/vuln/expat_2.2.3.html

Note: I'm not sure that the vulnerabilities fixed in Expat 2.2.2 and
Expat 2.2.3 really impacted Python, since Python uses its own entropy
source to set the "hash secret", but well, it's usually safer to use a
more recent library version :-)

Victor

2017-10-03 22:06 GMT+02:00 Ned Deily <nad at python.org>:
> On behalf of the Python development community and the Python 3.6
> release team, I am happy to announce the availability of Python 3.6.3,
> the third maintenance release of Python 3.6.  Detailed information
> about the changes made in 3.6.3 can be found in the change log here:
>
> https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-3-final
>
> Please see "What’s New In Python 3.6" for more information about the
> new features in Python 3.6:
>
> https://docs.python.org/3.6/whatsnew/3.6.html
>
> You can download Python 3.6.3 here:
>
> https://www.python.org/downloads/release/python-363/
>
> The next maintenance release of Python 3.6 is expected to follow in
> about 3 months, around the end of 2017-12.  More information about the
> 3.6 release schedule can be found here:
>
> https://www.python.org/dev/peps/pep-0494/
>
> Enjoy!
>
> --
>   Ned Deily
>   nad at python.org -- []
>
> _______________________________________________
> Python-Dev mailing list
> Python-Dev at python.org
> https://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe: https://mail.python.org/mailman/options/python-dev/victor.stinner%40gmail.com


More information about the Python-Dev mailing list