Python 3.14.2 and 3.13.11: Expedited Releases Fix Regressions and Security Vulnerabilities

<p>Just three days after the previous update, the Python team has rolled out two expedited releases: Python 3.14.2 and Python 3.13.11. These versions are not just routine maintenance—they address critical regressions that slipped through and include important security patches to keep your projects safe. Below, we break down what's new, what's fixed, and how you can get these updates.</p> <h2>Why were Python 3.14.2 and 3.13.11 released so quickly after previous versions?</h2> <p>These are <strong>expedited releases</strong> triggered by the discovery of regressions that could disrupt existing Python projects. The team identified issues that appeared after the last release, such as exceptions in multiprocessing when upgrading, crashes in <code>dataclasses</code> without <code>__init__</code>, segmentation faults in <code>insertdict</code>, and a problem with multiple capturing groups in <code>re.Scanner</code>. Rather than waiting for the next scheduled maintenance release, the Python development team acted swiftly to deliver fixes to the community. 
Additionally, they included several security fixes to mitigate potential vulnerabilities, making these updates highly recommended for all users.</p> <h2>What specific regressions are fixed in these expedited releases?</h2> <p>The regressions addressed in both Python 3.14.2 and 3.13.11 include:</p> <ul> <li><strong>gh-142206</strong>: Exceptions in <code>multiprocessing</code> when running programs while upgrading Python.</li> <li><strong>gh-142214</strong> (3.14.2 only): Exceptions in <code>dataclasses</code> that lack an <code>__init__</code> method.</li> <li><strong>gh-142218</strong>: Segmentation faults and assertion failures in <code>insertdict</code>, which could crash the interpreter.</li> <li><strong>gh-140797</strong>: A crash when using multiple capturing groups in <code>re.Scanner</code>, leading to unexpected program termination.</li> </ul> <p>Python 3.14.2 includes an additional fix for <code>dataclasses</code> that wasn't present in 3.13.11. 
All these issues are now resolved, ensuring smoother operation for developers.</p> <h2>What security vulnerabilities are addressed?</h2> <p>Both releases include two identical security fixes, plus an extra one for Python 3.13.11:</p> <ul> <li><strong>gh-142145</strong> (<a href="https://www.cve.org/CVERecord?id=CVE-2025-12084" target="_blank">CVE-2025-12084</a>): Removes quadratic behavior in node ID cache clearing, preventing a denial-of-service attack.</li> <li><strong>gh-119452</strong>: Fixes a potential virtual memory allocation denial of service in <code>http.server</code>.</li> <li><strong>gh-119451</strong> (3.13.11 only): Fixes a potential denial of service in <code>http.client</code>, further hardening network code.</li> </ul> <p>These patches close vectors that could be exploited to crash services or exhaust memory. Updating is strongly advised for any production systems using Python's HTTP modules.</p> <h2>How do the fixes differ between Python 3.14.2 and 3.13.11?</h2> <p>Python 3.14.2 is the <strong>second maintenance release</strong> of the 3.14 series and contains 18 bugfixes, build improvements, and documentation changes beyond the regression and security fixes. It also addresses the <code>dataclasses</code> regression (<strong>gh-142214</strong>) that is not present in 3.13.11. Python 3.13.11, being the eleventh maintenance release of 3.13, focuses solely on the regression fixes and security updates. Notably, 3.13.11 includes an additional security fix for <code>http.client</code> (<strong>gh-119451</strong>) that is not part of the 3.14 release. 
Both versions share the same security fix for <code>http.server</code> (gh-119452) and the node ID cache issue (CVE-2025-12084).</p> <h2>Where can I download the new releases and find more details?</h2> <p>You can download Python 3.14.2 from <a href="https://www.python.org/downloads/release/python-3142/" target="_blank">python.org/downloads/release/python-3142/</a> and Python 3.13.11 from <a href="https://www.python.org/downloads/release/python-31311/" target="_blank">python.org/downloads/release/python-31311/</a>. Each download page includes the full changelog, links to release notes, and checksums. For detailed lists of all fixes, refer to the official changelogs linked from those pages. These are critical updates, so we encourage you to upgrade as soon as possible.</p> <h2>Who is behind these releases and how can I support Python development?</h2> <p>These releases are the work of the Python Release Team, including Hugo van Kemenade, Thomas Wouters, Ned Deily, Steve Dower, and Łukasz Langa, alongside countless volunteers who contribute to Python's development. If you find Python valuable, consider supporting the Python Software Foundation through organizational contributions or by volunteering your time. Whether you help with code, documentation, or community support, every contribution makes a difference. The team expresses gratitude from Helsinki and beyond, reminding us that Python's growth depends on its community.</p>
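<p>To act on the upgrade advice above, the following added example (not code from the Python release team or from the original article) checks version strings against the two patched releases and reports which of the security fixes listed above a host is still waiting for. The hostnames and inventory are constructed, and the function names are this example's own.</p>

```python
import re
import sys

# Patched release per branch and the security fixes the article lists for it.
PATCHED = {
    (3, 14): ((3, 14, 2), ["gh-142145 (CVE-2025-12084)", "gh-119452"]),
    (3, 13): ((3, 13, 11), ["gh-142145 (CVE-2025-12084)", "gh-119452", "gh-119451"]),
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def assess(version_text):
    """Return (status, pending_fixes) for text such as 'Python 3.13.10'."""
    match = VERSION_RE.search(version_text)
    if not match:
        return ("unparsed", [])
    version = tuple(int(part) for part in match.groups())
    entry = PATCHED.get(version[:2])
    if entry is None:
        # The article only covers the 3.13 and 3.14 branches.
        return ("branch-not-covered", [])
    minimum, fixes = entry
    if version >= minimum:
        return ("patched", [])
    return ("upgrade", list(fixes))


def audit(inventory):
    """inventory: iterable of (host, version_text). Return hosts needing an upgrade."""
    findings = {}
    for host, text in inventory:
        status, fixes = assess(text)
        if status == "upgrade":
            findings[host] = fixes
    return findings


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("web-01", "Python 3.13.10"),
    ("web-02", "Python 3.13.11"),
    ("ci-01", "Python 3.14.1"),
    ("ci-02", "Python 3.14.2"),
    ("legacy-01", "Python 3.12.12"),
    ("broken-01", "command not found"),
]

if __name__ == "__main__":
    print("this interpreter:", assess(sys.version.split()[0]))
    for host, fixes in audit(SAMPLE).items():
        print(f"{host}: upgrade, pending {', '.join(fixes)}")
```

<p>Hosts reported as <code>branch-not-covered</code> or <code>unparsed</code> need a separate review, since the article says nothing about other branches.</p>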