3.7.5rc1 cutoff ahead

A reminder: it is time for the next quarterly maintenance release of Python 3.7. The cutoff for 3.7.5rc1 is scheduled for this coming Monday (2019-09-16) by the end of day AOE. Please review open issues and ensure that any that you believe need to be addressed in 3.7.5 are either resolved or marked as a release blocker. Any assistance you can provide in helping resolve issues will be greatly appreciated. Following the rc1 cutoff, changes merged to the 3.7 branch will be released in 3.7.6 three months from now unless you mark the issue as a release blocker prior to 3.7.5 final, planned for release on 2019-09-30 and explain why the change should be cherry-picked into the final release.

Thanks to everyone who has been helping to ensure the continued success of Python 3.7! Our users truly appreciate it and are showing their confidence in us by the rapid adoption of these latest releases.

P.S. A number of core developers are participating in this year’s core developer sprint taking place this week in London. So it is a good time to catch many of us in the same place at the same time (and British Summer Time, at that).


2019-09-17 Update: as of the scheduled cutoff time earlier today, we had two recently identified release blocker issues open. Thanks to Andrew and Yury, one of them is now resolved with code (bpo-38013). The other (bpo-30458 and bpo-36274) remains unresolved at this point. Because the issue(s) involve an apparent regression introduced in a fix for a security issue in 3.7.4, a regression that has affected at least one third-party project (and has the potential to affect releases from other branches), I think we should resolve this now. A number of core devs have been involved in these two issues most recently Jason. I’m am going to delay tagging the release for at least a day. Anything you can do to help resolve this one, especially if you have already been involved with it, would be greatly appreciated.

https://bugs.python.org/issue30458 [security][CVE-2019-9740][CVE-2019-9947] HTTP Header Injection (follow-up of CVE-2016-5699)

https://bugs.python.org/issue36274 http.client cannot send non-ASCII request lines

2019-09-28 Update: we are still awaiting resolution of some release blockers but I am hopeful we will be unblocked very shortly. I have rescheduled the cutoff for 3.7.5rc1 for this coming Monday (2019-09-30) and, assuming no showstopper problems are identified in the release candidate, 3.7.5 final will follow on 2019-10-14.

Please note that the next few weeks are very important ones for Python releases. Besides 3.7.5, important code cutoffs and release candidate testing periods are coming up for 3.8.0, 3.5.8, and 2.7.17. Please keep an eye out for release blockers, test failures, and any other issues that could affect the quality of releases and please open or update issues on b.p.o, adding release blocker priority as necessary to make sure the release managers are aware of them. Thanks!

1 Like