Python Releases Urgent Patches: Version 3.14.2 and 3.13.11 Address Regressions and Security Flaws

By

Just days after the previous releases, the Python team has rolled out two more updates: Python 3.14.2 and Python 3.13.11. These expedited versions focus on fixing regressions discovered in the latest maintenance updates and include several security patches. This rapid response underscores the project's commitment to stability and user safety.

Python 3.14.2

Python 3.14.2 is the second maintenance release of the 3.14 series, bringing 18 bugfixes, build improvements, and documentation changes since version 3.14.1. However, the primary goal is to address critical regressions that affected multiprocessing, dataclasses, dictionary insertion, and regular expressions. Below are the specific issues resolved:

Resolved Regressions

• gh-142206 — Exceptions in multiprocessing when upgrading Python while programs are running.
• gh-142214 — Exceptions in dataclasses that lack an __init__ method.
• gh-142218 — Segmentation faults and assertion failures in the insertdict function.
• gh-140797 — Crashes when using multiple capturing groups in re.Scanner.

Security Fixes

• gh-142145 — Removed quadratic behavior in node ID cache clearing, addressing CVE-2025-12084.
• gh-119452 — Fixed a potential virtual memory allocation denial of service in http.server.

Download Python 3.14.2 from the official release page. For a complete list of changes, see the full changelog.

Python 3.13.11

Python 3.13.11 is the eleventh maintenance release of the 3.13 series. Like its counterpart, this version was expedited to fix regressions and bolster security. The updates mirror many of the 3.14.2 fixes, with additional security enhancements for http.client.

Resolved Regressions

• gh-142206 — Exceptions in multiprocessing during Python upgrades.
• gh-142218 — Segmentation faults and assertion failures in insertdict.
• gh-140797 — Crashes in re.Scanner with multiple capturing groups.

Security Fixes

• gh-142145 — Quadratic-to-linear cache clearing (CVE-2025-12084).
• gh-119451 — Fix for a potential denial of service in http.client.
• gh-119452 — Fix for a potential virtual memory allocation denial of service in http.server.

Download Python 3.13.11 from the official release page. Review the full changelog for details.

Acknowledgments and Community Support

The Python team extends heartfelt thanks to the numerous volunteers who contribute to Python development and these releases. Their dedication ensures that the language remains robust, secure, and up-to-date. If you or your organization would like to support these efforts, consider donating to the Python Software Foundation or getting involved as a volunteer.

Release team: Hugo van Kemenade, Thomas Wouters, Ned Deily, Steve Dower, and Łukasz Langa

Stay tuned for future updates and happy coding!

Related Articles

• The Evolving Face of Cyber Threats: A Q&A on the Modern Cybercrime Landscape
• 10 Key Facts About the 'Scattered Spider' Hacker Who Just Pleaded Guilty
• Build a Motorized Three-Axis Camera Slider Using Recycled 3D Printer Parts
• 10 Key Shifts in Europe's Cyber Extortion Landscape: Germany Under Siege
• 10 Key Insights into Mobile Threat Evolution in Q1 2026
• 5 Urgent Truths About Cybersecurity in the AI Era
• Supply Chain Attack Targets AntV npm Ecosystem: Mini Shai-Hulud Campaign Strikes Again
• Trusted IT Tools Exposed as Primary Attack Vector in New Cybersecurity Analysis