
Python Releases Expedited Updates: 3.14.2 and 3.13.11 Address Regressions and Security Issues

Last updated: 2026-05-01 17:10:41 · Cybersecurity

Just three days after the previous release, the Python team has rolled out another pair of updates—Python 3.14.2 and Python 3.13.11. These are expedited releases, driven by the discovery of regressions that affected stability and performance. Alongside the corrective patches, several security vulnerabilities have also been resolved. This article provides a detailed look at what’s changed, including key bug fixes and security enhancements.

Overview of the Expedited Releases

The decision to push out these versions so quickly stems from critical regressions that were identified in the prior maintenance releases. Both Python 3.14.2 and 3.13.11 share several fixes, particularly for issues related to multiprocessing, data classes, dictionary insertion, and the re.Scanner class. Additionally, each version includes security patches, some of which address potential denial-of-service attacks. For full details, users are encouraged to review the official changelogs linked in the respective sections below.

Python 3.14.2: Second Maintenance Release

Python 3.14.2 is the second maintenance release of the 3.14 series. It contains 18 bug fixes, build improvements, and documentation updates since version 3.14.1. The following sections break down the most critical fixes included in this expedited release.

Regression Fixes

  • Multiprocessing exception (gh-142206): Exceptions were being raised in multiprocessing while running programs during a Python upgrade, causing unexpected crashes.
  • Data classes without __init__ (gh-142214): Exceptions occurred when using dataclasses that lacked an __init__ method, a regression from a recent change.
  • Dictionary insertion crash (gh-142218): Segmentation faults and assertion failures were observed in the insertdict function, affecting dictionary operations.
  • re.Scanner crash (gh-140797): Using multiple capturing groups in re.Scanner could lead to a crash.

Security Updates

  • CVE-2025-12084 (gh-142145): Removed quadratic behavior in node ID cache clearing, preventing a potential denial-of-service vector.
  • gh-119452: Fixed a potential virtual memory allocation denial of service in http.server.

For a complete list of changes, see the official changelog for Python 3.14.2.

Python 3.13.11: Eleventh Maintenance Release

Python 3.13.11 is the eleventh maintenance release of the 3.13 series. Like its counterpart, it is an expedited release targeting critical regressions and security issues. The same regressions that affect 3.14.2 also appear here, with a few differences in the security patch set.

Regression Fixes

  • Multiprocessing exception (gh-142206): Identical issue as in 3.14.2—exceptions in multiprocessing during upgrades.
  • Dictionary insertion crash (gh-142218): Segmentation faults and assertion failures in insertdict.
  • re.Scanner crash (gh-140797): Crash when using multiple capturing groups.

Security Updates

  • CVE-2025-12084 (gh-142145): Same as 3.14.2—quadratic behavior removed from node ID cache clearing.
  • gh-119451: Fixed a potential denial of service in http.client.
  • gh-119452: Fixed a potential virtual memory allocation denial of service in http.server.

Visit the official changelog for Python 3.13.11 for the full list of modifications.

Community Acknowledgments

These releases would not have been possible without the dedicated volunteers who contribute to Python’s development. The Python Software Foundation welcomes both individual and organizational support to sustain these efforts. As the release team signed off from “deeper darker Helsinki,” we extend our gratitude to Hugo van Kemenade, Thomas Wouters, Ned Deily, Steve Dower, and Łukasz Langa for their stewardship.

We encourage all Python users to upgrade to these latest versions to take advantage of the stability and security improvements described above.
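
To act on the upgrade advice across more than one machine, the following added example (not code from the Python release team) classifies interpreter version strings against the patched releases named in this article. The inventory format and host names are assumptions made for illustration; series other than 3.14 and 3.13 are reported as not covered because the article gives no patched version for them.

```python
import platform
import re

# Patched micro release per series, as stated in the article above.
PATCHED = {(3, 14): 2, (3, 13): 11}

# Accepts "3.14.1", "Python 3.13.11", pre-releases ("3.14.2rc1")
# and post-release dev builds ("3.13.11+").
_VERSION_RE = re.compile(
    r"^(?:Python\s+)?(\d+)\.(\d+)\.(\d+)((?:a|b|rc)\d+)?\+?$"
)


def classify(version: str) -> str:
    """Return 'patched', 'needs-upgrade', 'not-covered' or 'unparseable'."""
    m = _VERSION_RE.match(version.strip())
    if m is None:
        return "unparseable"
    major, minor, micro = (int(g) for g in m.group(1, 2, 3))
    floor = PATCHED.get((major, minor))
    if floor is None:
        return "not-covered"  # the article names no fix for this series
    # Treat a pre-release of the patched version as older than the final build.
    if micro < floor or (micro == floor and m.group(4)):
        return "needs-upgrade"
    return "patched"


def audit(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hosts by status; inventory maps host name -> version string."""
    report: dict[str, list[str]] = {}
    for host, version in sorted(inventory.items()):
        report.setdefault(classify(version), []).append(host)
    return report


# Constructed sample inventory: host names and versions are made up.
SAMPLE = {
    "build-01": "Python 3.14.1",
    "web-01": "3.14.2",
    "web-02": "3.13.9",
    "batch-01": "3.13.11+",
    "legacy-01": "3.12.8",
    "kiosk-01": "unknown",
}

if __name__ == "__main__":
    running = platform.python_version()
    print(f"this interpreter: {running} -> {classify(running)}")
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as unparseable or not-covered need a manual look rather than being assumed safe.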