Ipassact

Python 3.14.2 and 3.13.11: Expedited Releases Fix Regressions and Security Vulnerabilities

Python 3.14.2 and 3.13.11 are expedited releases fixing critical regressions (multiprocessing, dataclasses, insertdict, re.Scanner) and security vulnerabilities including CVE-2025-12084 and DoS fixes in HTTP modules. Update immediately to ensure stability and security.

Ipassact · 2026-05-01 22:45:51 · Cybersecurity

Just three days after the previous update, the Python team has rolled out two expedited releases: Python 3.14.2 and Python 3.13.11. These versions are not just routine maintenance—they address critical regressions that slipped through and include important security patches to keep your projects safe. Below, we break down what's new, what's fixed, and how you can get these updates.

Why were Python 3.14.2 and 3.13.11 released so quickly after previous versions?

These are expedited releases triggered by the discovery of regressions that could disrupt existing Python projects. The team identified issues that appeared after the last release, such as exceptions in multiprocessing when upgrading, crashes in dataclasses without __init__, segmentation faults in insertdict, and a problem with multiple capturing groups in re.Scanner. Rather than waiting for the next scheduled maintenance release, the Python development team acted swiftly to deliver fixes to the community. Additionally, they included several security fixes to mitigate potential vulnerabilities, making these updates highly recommended for all users.

What specific regressions are fixed in these expedited releases?

The regressions addressed in both Python 3.14.2 and 3.13.11 include:

  • gh-142206: Exceptions in multiprocessing when running programs while upgrading Python.
  • gh-142214 (3.14.2 only): Exceptions in dataclasses that lack an __init__ method.
  • gh-142218: Segmentation faults and assertion failures in insertdict, which could crash the interpreter.
  • gh-140797: A crash when using multiple capturing groups in re.Scanner, leading to unexpected program termination.

Python 3.14.2 includes the additional dataclasses fix (gh-142214), which is not in 3.13.11. All these issues are now resolved, ensuring smoother operation for developers.

What security vulnerabilities are addressed?

Both releases include two identical security fixes, plus an extra one for Python 3.13.11:

  • gh-142145 (CVE-2025-12084): Removes quadratic behavior in node ID cache clearing, preventing a denial-of-service attack.
  • gh-119452: Fixes a potential virtual memory allocation denial of service in http.server.
  • gh-119451 (3.13.11 only): Fixes a potential denial of service in http.client, further hardening network code.

These patches close vectors that could be exploited to crash services or exhaust memory. Updating is strongly advised for any production systems using Python's HTTP modules.

How do the fixes differ between Python 3.14.2 and 3.13.11?

Python 3.14.2 is the second maintenance release of the 3.14 series and contains 18 bugfixes, build improvements, and documentation changes beyond the regression and security fixes. It also addresses the dataclasses regression (gh-142214) that is not present in 3.13.11. Python 3.13.11, being the eleventh maintenance release of 3.13, focuses solely on the regression fixes and security updates. Notably, 3.13.11 includes an additional security fix for http.client (gh-119451) that is not part of the 3.14 release. Both versions share the same security fix for http.server (gh-119452) and the node ID cache issue (CVE-2025-12084).
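
To check a fleet against the per-branch differences above, the following added example (not code from the Python project or from the original article) maps a reported version string to the fixes listed on this page that the interpreter predates. The function names, the host names and the sample inventory are constructed for illustration; branches this page does not cover return None.

```python
import re
import sys

# Fix matrix transcribed from this page: branch -> (first fixed release, items).
FIXED_IN = {
    (3, 14): ((3, 14, 2), ["gh-142206", "gh-142214", "gh-142218", "gh-140797",
                           "gh-142145 (CVE-2025-12084)", "gh-119452"]),
    (3, 13): ((3, 13, 11), ["gh-142206", "gh-142218", "gh-140797",
                            "gh-142145 (CVE-2025-12084)", "gh-119452",
                            "gh-119451"]),
}
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)((?:a|b|rc)\d+)?")


def parse_version(text):
    """Parse 'Python 3.13.9' or '3.14.2rc1' into ((major, minor, micro), is_prerelease)."""
    match = _VERSION.search(text)
    if match is None:
        raise ValueError(f"no Python version found in {text!r}")
    return tuple(int(part) for part in match.group(1, 2, 3)), match.group(4) is not None


def missing_fixes(text):
    """Return the page's fixes this interpreter predates; None if the branch is not covered."""
    version, prerelease = parse_version(text)
    entry = FIXED_IN.get(version[:2])
    if entry is None:
        return None  # e.g. 3.12: this page says nothing about it
    fixed_release, items = entry
    # Conservative: a pre-release of the fixed version is treated as unfixed.
    if version > fixed_release or (version == fixed_release and not prerelease):
        return []
    return list(items)


def audit(inventory):
    """Map each host to its missing fixes (None means branch not covered by this page)."""
    return {host: missing_fixes(reported) for host, reported in inventory.items()}


# Constructed inventory: host names and reported versions are illustrative.
SAMPLE_INVENTORY = {
    "web-01": "Python 3.14.1",
    "batch-02": "Python 3.13.11",
    "ci-03": "3.13.10",
    "legacy-04": "Python 3.12.8",
}

if __name__ == "__main__":
    print("this interpreter:", missing_fixes(sys.version.split()[0]))
    for host, result in audit(SAMPLE_INVENTORY).items():
        print(host, "->", result)
```

An empty list means the interpreter is at or past the fixed release for its branch; a listed item means only that the release carrying that fix has not been installed on that host.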

Where can I download the new releases and find more details?

You can download Python 3.14.2 from python.org/downloads/release/python-3142/ and Python 3.13.11 from python.org/downloads/release/python-31311/. Each download page includes the full changelog, links to release notes, and checksums. For detailed lists of all fixes, refer to the official changelogs linked from those pages. These are critical updates, so we encourage you to upgrade as soon as possible.

Who is behind these releases and how can I support Python development?

These releases are the work of the Python Release Team, including Hugo van Kemenade, Thomas Wouters, Ned Deily, Steve Dower, and Łukasz Langa, alongside countless volunteers who contribute to Python's development. If you find Python valuable, consider supporting the Python Software Foundation through organizational contributions or by volunteering your time. Whether you help with code, documentation, or community support, every contribution makes a difference. The team expresses gratitude from Helsinki and beyond, reminding us that Python's growth depends on its community.
