[Python-Dev] Time for 3.4.9 and 3.5.6

Larry Hastings larry at hastings.org
Sun Jul 8 03:45:43 EDT 2018

My six-month cadence means it's time for the next releases of 3.4 and 
3.5.  There haven't been many changes since the last releases--two, to 
be exact.  These two security fixes were backported to both 3.4 and 3.5:

  * bpo-32981: Fix catastrophic backtracking vulns (GH-5955)
  * bpo-33001: Prevent buffer overrun in os.symlink (GH-5989)

3.5 also got some doc-only changes related to the online "version 
switcher" dropdown.  (They weren't backported to 3.4 because we don't 
list 3.4 in the version switcher dropdown anymore.)

There are currently no PRs open for either 3.4 or 3.5, and they also 
have no open "release blocker" or "deferred blocker" bugs.  It seems 
things are pretty quiet in our two security-fixes-only branches--a good 
way to be!

I therefore propose to cut the RCs in a week and a half, and the finals 
two weeks later.  So:

    Wednesday  July 18 2018 - 3.4.9rc1 and 3.5.6rc1
    Wednesday August 1 2018 - 3.4.9 final and 3.5.6 final

If anybody needs more time I'm totally happy to accommodate them--you 
can probably have all the time you need.  I'm trying to keep to my rough 
six-month cadence, but honestly that's pretty arbitrary.

Thanks to all of you who keep making 3.4 and 3.5 better,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20180708/054b2b93/attachment.html>

More information about the Python-Dev mailing list