Python Rushes Out Emergency Updates to Fix Regressions and Security Holes

By

Python Rushes Out Emergency Updates to Fix Regressions and Security Holes

The Python Software Foundation has released two expedited versions—Python 3.14.2 and Python 3.13.11—just three days after the previous updates. These emergency patches target critical regressions and security vulnerabilities that could crash programs or expose systems to denial-of-service attacks.

According to the Python release team, the decision to fast-track these releases was driven by the severity of the issues. "We found some regressions that required immediate attention, so here's an expedited pair of releases," the team stated, also noting that the updates include bonus security fixes.

Expedited Releases Address Regressions

Python 3.14.2 is the second maintenance release of the 3.14 series, packing 18 bug fixes, build improvements, and documentation changes since version 3.14.1. The release focuses on correcting regressions that affected core functionalities:

• gh-142206: Exceptions in multiprocessing when upgrading Python while programs are running.
• gh-142214: Exceptions in dataclasses when no __init__ method is defined.
• gh-142218: Segmentation faults and assertion failures in insertdict.
• gh-140797: Crash when using multiple capturing groups in re.Scanner.

Python 3.13.11, the eleventh maintenance release of the 3.13 branch, shares the same regression fixes for multiprocessing, insertdict, and re.Scanner. Both versions also address the security vulnerabilities described below.

Security Fixes Included

The updates patch two security vulnerabilities, including one with a published CVE identifier:

• gh-142145 (CVE-2025-12084): Removes quadratic behavior in node ID cache clearing to prevent a potential denial-of-service condition.
• gh-119452: Fixes a potential virtual memory allocation denial of service in http.server.

In addition, Python 3.13.11 includes gh-119451 which addresses a potential denial-of-service vulnerability in http.client.

Background

Python releases maintenance updates regularly, but the rapid issuance of these versions highlights the urgency of the regressions and security issues. The multiprocessing regression could interrupt running processes during version upgrades, while the dataclasses and insertdict bugs risk application crashes. The security flaws, particularly the quadratic cache-clearing behavior, could be exploited to slow or halt systems. These are expedited releases intended to minimize risk for the large Python user base.

What This Means

Users of Python 3.14.0 and 3.14.1, as well as 3.13.10 and earlier 3.13.x versions, should update to the latest releases immediately to avoid instability and potential security breaches. The fixes ensure that multiprocessing, dataclasses, and regular expressions work reliably, and that HTTP servers are protected from denial-of-service attacks. The Python release team urges all developers and system administrators to prioritize these updates. "Enjoy the new release," the team added, thanking the volunteers who contributed to the fixes.

Full changelogs for Python 3.14.2 and Python 3.13.11 are available on the official website.

Related Articles

• Ubuntu Set to Integrate On-Device AI Features in 2026, Canonical Emphasizes Principled Approach
• OpenAI’s GPT-5.5 Lands on Microsoft Foundry Tomorrow—Enterprise Agents Get a Major Boost
• Gemini AI Coming to Google Maps on CarPlay: Code Reveals Imminent Launch
• AI Prompt Engineering: Experts Warn of No One-Size-Fits-All Solution as Model Variability Challenges Steerability
• How to Identify Critical Interactions in Large Language Models at Scale
• Build Your Own AI Agent Fleet: A Step-by-Step Guide to Shipping Faster with Virtual Teams
• Connecting Your Machines with Loopsy: A Comprehensive Guide to Cross-Device Terminal Communication
• The Surprising Utility of Codex AI Pets: Keeping You in the Loop