Python Releases Urgent Patches: Version 3.14.2 and 3.13.11 Address Regressions and Security Flaws

Just days after the previous releases, the Python team has rolled out two more updates: Python 3.14.2 and Python 3.13.11. These expedited versions focus on fixing regressions discovered in the latest maintenance updates and include several security patches. This rapid response underscores the project's commitment to stability and user safety.

Python 3.14.2

Python 3.14.2 is the second maintenance release of the 3.14 series, bringing 18 bugfixes, build improvements, and documentation changes since version 3.14.1. However, the primary goal is to address critical regressions that affected multiprocessing, dataclasses, dictionary insertion, and regular expressions. Below are the specific issues resolved:

Resolved Regressions

• gh-142206 — Exceptions in multiprocessing when upgrading Python while programs are running.
• gh-142214 — Exceptions in dataclasses that lack an __init__ method.
• gh-142218 — Segmentation faults and assertion failures in the insertdict function.
• gh-140797 — Crashes when using multiple capturing groups in re.Scanner.

Security Fixes

• gh-142145 — Removed quadratic behavior in node ID cache clearing, addressing CVE-2025-12084.
• gh-119452 — Fixed a potential virtual memory allocation denial of service in http.server.

Download Python 3.14.2 from the official release page. For a complete list of changes, see the full changelog.

Python 3.13.11

Python 3.13.11 is the eleventh maintenance release of the 3.13 series. Like its counterpart, this version was expedited to fix regressions and bolster security. The updates mirror many of the 3.14.2 fixes, with additional security enhancements for http.client.

Resolved Regressions

• gh-142206 — Exceptions in multiprocessing during Python upgrades.
• gh-142218 — Segmentation faults and assertion failures in insertdict.
• gh-140797 — Crashes in re.Scanner with multiple capturing groups.

Security Fixes

• gh-142145 — Quadratic-to-linear cache clearing (CVE-2025-12084).
• gh-119451 — Fix for a potential denial of service in http.client.
• gh-119452 — Fix for a potential virtual memory allocation denial of service in http.server.

Download Python 3.13.11 from the official release page. Review the full changelog for details.

Acknowledgments and Community Support

The Python team extends heartfelt thanks to the numerous volunteers who contribute to Python development and these releases. Their dedication ensures that the language remains robust, secure, and up-to-date. If you or your organization would like to support these efforts, consider donating to the Python Software Foundation or getting involved as a volunteer.

Release team: Hugo van Kemenade, Thomas Wouters, Ned Deily, Steve Dower, and Łukasz Langa

Stay tuned for future updates and happy coding!