Python versions 3.10.8, 3.9.15, 3.8.15, 3.7.15 now available

Déjà vu? Right, a month after the expedited releases we are doing the dance again. This coincides with the regular scheduled time for 3.10.8 but since we accrued a few fixes in 3.7 - 3.9 as well, we’re again releasing all four editions at the same time. We’re not promising to continue at this pace :sweat_smile:

Security content this time

  • CVE-2022-40674: bundled libexpat was upgraded from 2.4.7 to 2.4.9 which fixes a heap use-after-free vulnerability in function doContent
  • gh-97616: a fix for a possible buffer overflow in list *= int
  • gh-97612: a fix for possible shell injection in the example script get-remote-certificate.py (this issue originally had a CVE assigned to it, which its author withdrew)
  • gh-96577: a fix for a potential buffer overrun in msilib

Python 3.10.8

Get it here:

As a bugfix release coming a mere month after an out-of-schedule security release, 3.10.8 is somewhat smaller compared to 3.9.8 released at the same stage of the release cycle a year ago. There’s 151 commits vs 204 in 3.9. It’s still a larger release than 3.10.7 at 113 commits. One way or the other, it’s worth checking out the change log.

And now for something completely different

Granular convection is a phenomenon where granular material subjected to shaking or vibration will exhibit circulation patterns similar to types of fluid convection.

It is sometimes described as the Brazil nut effect when the largest particles end up on the surface of a granular material containing a mixture of variously sized objects; this derives from the example of a typical container of mixed nuts, where the largest will be Brazil nuts.

The phenomenon is also known as the muesli effect since it is seen in packets of breakfast cereal containing particles of different sizes but similar densities, such as muesli mix.

Under experimental conditions, granular convection of variously sized particles has been observed forming convection cells similar to fluid motion.

We hope you enjoy the new releases!

Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.

Your friendly release team,

Ned Deily @nad
Steve Dower @steve.dower
Pablo Galindo Salgado @pablogsal
Łukasz Langa @ambv

11 Likes

ci-images for all four releases are building now

2 Likes

The mailcap vulnerability fix is not part of these releases, but that’s ok. The impact is limited to applications using mailcap and there is a way to workaround the issue (sanitize inputs).

Clarification: the mailcap fix is part of 3.10.8 but backports to 3.7 - 3.9 were not ready in time. They will be released in the next round of security fixes.

Oh right, sorry, I didn’t read my own link which says:

:slight_smile: