<h2>Python Ships Urgent Release Pair: 3.14.2 and 3.13.11 Fix Regressions and Security Flaws</h2>
<p>Just three days after the previous releases, the Python team has come out with two expedited updates: Python 3.14.2 and Python 3.13.11. These are not ordinary maintenance releases—they were rushed out to address regressions that slipped into earlier versions, along with a handful of security fixes that couldn't wait. If you're running any recent Python, these are upgrades you'll want to consider immediately.</p>
<p>Below we break down what's new in each release, which bugs have been squashed, and why upgrading is strongly recommended—especially for production systems.</p>
<h2 id="python-3142">Python 3.14.2: Swift Maintenance to Restore Stability</h2>
<p>Python 3.14.2 is the second maintenance release of the 3.14 series. It packs <strong>18 bugfixes, build improvements, and documentation changes</strong> since <a href="https://www.python.org/downloads/release/python-3141/">Python 3.14.1</a>. However, the real reason for the rapid turnaround is a set of regressions that were introduced in the previous version.</p>
<h3 id="regressions-3142">Regressions Fixed in 3.14.2</h3>
<p>The following issues, which could break running code or cause crashes, have been resolved:</p>
<ul>
<li><strong>Multiprocessing exceptions while upgrading Python</strong> (gh-142206): Programs using the <code>multiprocessing</code> module could raise unexpected exceptions during an in-place Python upgrade. This is now fixed.</li>
<li><strong>Dataclasses without <code>__init__</code> method</strong> (gh-142214): A regression caused errors when a dataclass inherits from another class and does not define its own <code>__init__</code>. The behavior now matches expectations.</li>
<li><strong>Segmentation faults in <code>insertdict</code></strong> (gh-142218): A memory safety issue could lead to crashes or assertion failures in dictionary insertion logic. This fix is critical for any code that uses dictionaries heavily.</li>
<li><strong>Crash with multiple capturing groups in <code>re.Scanner</code></strong> (gh-140797): Using several capturing groups in a regular expression scanner could trigger a crash. This has been patched.</li>
</ul>
<h3 id="security-3142">Security Fixes in 3.14.2</h3>
<p>Two security vulnerabilities have also been addressed in this release:</p>
<ul>
<li><strong>CVE-2025-12084</strong> (gh-142145): Quadratic-time behavior in node ID cache clearing could be exploited for a denial of service. The cache clearing is now linear, preventing resource exhaustion.</li>
<li><strong>Potential virtual memory denial of service in <code>http.server</code></strong> (gh-119452): A crafted request could cause excessive virtual memory allocation. This has been mitigated.</li>
</ul>
<p>For a complete list of changes, see the <a href="https://www.python.org/downloads/release/python-3142/">Python 3.14.2 changelog</a>.</p>
<h2 id="python-31311">Python 3.13.11: Backporting Critical Fixes to an Older Branch</h2>
<p>Python 3.13.11 is the eleventh maintenance release of the 3.13 series. It focuses on fixing a subset of the same regressions and security issues found in 3.14.2, ensuring that users still on 3.13 are also protected.</p>
<h3 id="regressions-31311">Regressions Fixed in 3.13.11</h3>
<ul>
<li><strong>Multiprocessing exceptions while upgrading Python</strong> (gh-142206) – same as above.</li>
<li><strong>Segmentation faults in <code>insertdict</code></strong> (gh-142218) – same as above.</li>
<li><strong>Crash with multiple capturing groups in <code>re.Scanner</code></strong> (gh-140797) – same as above.</li>
</ul>
<h3 id="security-31311">Security Fixes in 3.13.11</h3>
<p>Three security issues are patched in this release:</p>
<ul>
<li><strong>CVE-2025-12084</strong> (gh-142145) – same quadratic cache clearing fix.</li>
<li><strong>Denial of service in <code>http.client</code></strong> (gh-119451): A vulnerability could allow an attacker to cause resource exhaustion via the HTTP client module.</li>
<li><strong>Virtual memory denial of service in <code>http.server</code></strong> (gh-119452) – same as in 3.14.2.</li>
</ul>
<p>Check the <a href="https://www.python.org/downloads/release/python-31311/">Python 3.13.11 changelog</a> for the full list.</p>
<h2>Why These Releases Are Important</h2>
<p>Ordinarily, maintenance releases come weeks or months apart. Releasing two versions just three days after the previous ones signals elevated urgency. The regressions—especially the <code>insertdict</code> segmentation fault and the multiprocessing issue—could cause unpredictable failures in applications that rely on those core features. The security fixes, while not critical severity, close potential DoS vectors that a determined attacker might exploit.</p>
<p>If you are running Python 3.14.0, 3.14.1, or 3.13.10, you are currently exposed to these bugs. Upgrading to 3.14.2 or 3.13.11 is strongly recommended.</p>
<h2>How to Upgrade</h2>
<p>You can download the new releases from the official Python website:</p>
<ul>
<li><a href="https://www.python.org/downloads/release/python-3142/">Python 3.14.2 download page</a></li>
<li><a href="https://www.python.org/downloads/release/python-31311/">Python 3.13.11 download page</a></li>
</ul>
<p>If you use a package manager like <code>apt</code>, <code>yum</code>, or <code>conda</code>, the updates should appear in the coming days. You can also build from source by following the instructions on each page.</p>
<p>After upgrading, test your applications for any regressions—though these releases are specifically meant to <em>fix</em> regressions, it's always good practice to run your test suite.</p>
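<p>To find which hosts still need these upgrades, the following added example (not code from the Python project or from this article's author) checks reported version strings against the fixed releases and issue IDs listed above. The host names and inventory are constructed, and it assumes every release on a branch below the fixed version needs the upgrade.</p>

```python
import re
import sys

# Fixed releases and issue IDs as listed in the article above.
FIXED = {
    (3, 14): ((3, 14, 2), ["gh-142206", "gh-142214", "gh-142218", "gh-140797",
                           "CVE-2025-12084 (gh-142145)", "gh-119452"]),
    (3, 13): ((3, 13, 11), ["gh-142206", "gh-142218", "gh-140797",
                            "CVE-2025-12084 (gh-142145)", "gh-119451", "gh-119452"]),
}

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)((?:a|b|rc)\d+)?")


def parse_version(text):
    """Parse '3.13.10' or 'Python 3.14.0rc2' into ((3, 14, 0), 'rc2')."""
    match = _VERSION.search(text)
    if match is None:
        raise ValueError(f"no Python version found in {text!r}")
    major, minor, micro, pre = match.groups()
    return (int(major), int(minor), int(micro)), pre


def audit(text):
    """Return (status, target, missing_fixes) for one reported version string."""
    release, pre = parse_version(text)
    entry = FIXED.get(release[:2])
    if entry is None:
        return ("not-covered", None, [])  # branch not discussed in the article
    fixed, issues = entry
    # A pre-release of the fixed version (e.g. 3.14.2rc1) sorts before the final build.
    if release > fixed or (release == fixed and pre is None):
        return ("ok", None, [])
    return ("upgrade", ".".join(map(str, fixed)), issues)


def audit_running():
    """Audit the interpreter executing this script."""
    return audit(sys.version.split()[0])


if __name__ == "__main__":
    # Constructed inventory: `python --version` output collected from hosts.
    inventory = {"web-1": "Python 3.14.1", "batch-2": "Python 3.13.10",
                 "ci-3": "Python 3.14.2", "old-4": "Python 3.12.8"}
    for host, reported in inventory.items():
        status, target, issues = audit(reported)
        detail = f" -> {target}: {', '.join(issues)}" if target else ""
        print(f"{host}: {reported} [{status}]{detail}")
    print("this interpreter:", audit_running()[0])
```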
<h2>A Word of Thanks</h2>
<p>The Python release team—Hugo van Kemenade, Thomas Wouters, Ned Deily, Steve Dower, and Łukasz Langa—worked around the clock to get these builds out the door. Special thanks go to all the volunteers who reported bugs, tested patches, and contributed code. The Python ecosystem thrives on community involvement.</p>
<p>If you or your organization can support the Python Software Foundation financially, or through contributions, please consider doing so. Every bit helps keep Python free and reliable for everyone.</p>
<p>Happy upgrading—and enjoy the improved stability and security.</p>