Python 3.9.25 is available now! If you’re still using that, grab the sources and build the update as there’s some final fixes:
Security content (low severity)
There are no CVEs for those, and so other Python versions will be released with those low-priority fixes at a later date.
- gh-136063:
email.message: ensured linear complexity for legacy HTTP parameters parsing. - gh-136065: Fixed quadratic complexity in
os.path.expandvars(). - gh-120384: Fixed an array out of bounds crash in
list_ass_subscript, which could be invoked via some specificly tailored input: including concurrent modification of a list object, where one thread assigns a slice and another clears it. - gh-120298: Fix use-after free in
list_richcompare_implwhich can be invoked via some specificly tailored evil input. - gh-98793: Fix argument typechecks in
_overlapped.WSAConnect()and_overlapped.Overlapped.WSASendTo()functions that could lead to a crash. - gh-137836:
html.parser.HTMLParser: Added support of the “plaintext” element, RAWTEXT elements “xmp”, “iframe”, “noembed” and “noframes”, and optionally RAWTEXT element “noscript”.
Other notable changes
- gh-136755: Fixed a regression in
ntpath.realpath()introduced in 3.9.23 as part of the tarfile filter bypass fixes.
Python 3.9 is now officially dead
I should say it reached End Of Life, but since it’s Halloween… 
PEP 596 updated and marked as final. The Downloads page and the devguide updated. The branch is deleted and replaced with a 3.9 tag for posterity.
This marks my retirement as a manager of my own Python releases. I remain on the release team, supporting installer building and automation, but I’m ready to hang up my Release Manager hat. I still have too many!
Python 3.9 was a pivotal release. We replaced the parser with a new one that opened doors to pattern matching and much better error messages later. We started supporting type annotation generics in standard collections (no more uppercase List[str]!). We switched the release cadence to annual. Python 3.9 was also the last one with a number of deprecated things kept for Python 2 backward compatibility that we later removed. Farewell, 3.9, you served us well!
If you’re still a user of Python 3.9, I don’t blame you, it’s a lovely version. But it’s time to move on to newer, greater things. Python 3.14 is the first to officially support free threading, and if you’re not ready for that jump, be sure to check out t-strings and syntax highlighting in the REPL. So upgrade today!
Signed,
the 3.9 RM.
