Python

Python officially released latest version 3.9.3 & 3.8.9

by

Python 3.9.3 & 3.8.9 are now released. Due to security fixes, the release time of these versions is one month ahead of schedule, but the last complete regular maintenance version of Python 3.8 is still scheduled for May 3, 2021 After the release, it will be converted to a source code release only for security bug fixes. 3.9.3 is also scheduled to be released on May 3, 2021.

Join Our RealMi Central Channel On Telegram

Main update content of 3.9.3 & 3.8.9:

  • Released the high severity CVE-2021-3449 and CVE-2021-3450 fixes of OpenSSL, which have been upgraded to 1.1.1k in CI.
  • CVE-2021-3426: Remove the getfile function of the pydoc module, which can be abused to read arbitrary files on the disk (directory traversal vulnerability). In addition, even the source code of Python modules may contain sensitive data such as passwords.
  • ftplib no longer believes the IP address value returned by the server in response to the PASV command by default. This prevents malicious FTP servers from using the response to probe the IPv4 address and port combination on the client’s network.
  • Add audit hooks to gc.get_objects(), gc.get_referrers() and gc.get_referents().
  • Fix a crash when replacing sys.stderr with a callable object.
  • If the command line parameter contains an invalid Unicode character, Python no longer gives a fatal error when starting. The Py_DecodeLocale() function can now escape byte sequences of Unicode characters outside the range of [U+0000; U+10ffff].
  • Fix a race condition that may occur when PyErr_CheckSignals tries to execute a non-Python signal handler.

3.9.3:

  • Column offset for reporting SyntaxError, used to handle invalid continuation characters.
  • Fix the error detection of circular import when using from pkg.mod import attr, which will cause false positives in multi-threaded code.
  • Improve the handling of exceptions approaching the recursion limit. Convert some Fatal Errors in RecursionErrors.

3.8.9:

  • Fix deadlock when using ssl.SSLContext.sni_callback() with ssl.SSLContext debug callback.
  • Fixed a long-standing error in smtplib.SMTP, that is, AUTH LOGIN will fail when initial_response_ok=False.

Source

If you like our news and you want to see such news even further, then follow RealMi Central on Telegram, Twitter, Facebook (Page) (Group) & Instagram.

Leave a Comment