There’s security content in the releases, let’s dive right in.

gh-108310: Fixed an issue where instances of ssl.SSLSocket were
vulnerable to a bypass of the TLS handshake and included protections (like
certificate verification) and treating sent unencrypted data as if it were
post-handshake TLS encrypted data. Security issue reported as CVE-2023-40217
by Aapo Oksman. Patch by Gregory P. Smith.
Upgrading is highly recommended to all users of affected versions.


Get it here:

This release was held up somewhat by the resolution of this CVE, which is why 
it includes a whopping 328 new commits since 3.11.4 (compared to 238 commits 
between 3.10.4 and 3.10.5). Among those, there is a fix for CVE-2023-41105,
which affected Python 3.11.0 - 3.11.4. See gh-106242 for details.

There are also some fixes for crashes, check out the change log to see all

Most importantly, the release notes on the downloads page include a description
of the Larmor precession. I understood some of the words there!


Get it here:

16 commits.


Get it here:

11 commits.


Get it here:

9 commits.

 safe and upgrade!

Thanks to all of the many volunteers who help make Python Development and these 
releases possible! Please consider supporting our efforts by volunteering 
yourself or through organization contributions to the Python Software 

Łukasz Langa @ambv
on behalf of your friendly release team,

Ned Deily @nad
Steve Dower @steve.dower
Pablo Galindo Salgado @pablogsal
Łukasz Langa @ambv
Thomas Wouters @thomas
