Casinoindex

Python Ships Urgent Release Pair: 3.14.2 and 3.13.11 Fix Regressions and Security Flaws

Published: 2026-05-04 21:25:27 | Category: Cybersecurity

Just three days after the previous releases, the Python team has come out with two expedited updates: Python 3.14.2 and Python 3.13.11. These are not ordinary maintenance releases—they were rushed out to address regressions that slipped into earlier versions, along with a handful of security fixes that couldn't wait. If you're running any recent Python, these are upgrades you'll want to consider immediately.

Below we break down what's new in each release, which bugs have been squashed, and why upgrading is strongly recommended—especially for production systems.

Python 3.14.2: Swift Maintenance to Restore Stability

Python 3.14.2 is the second maintenance release of the 3.14 series. It packs 18 bugfixes, build improvements, and documentation changes since Python 3.14.1. However, the real reason for the rapid turnaround is a set of regressions that were introduced in the previous version.

Regressions Fixed in 3.14.2

The following issues, which could break running code or cause crashes, have been resolved:

  • Multiprocessing exceptions while upgrading Python (gh-142206): Programs using the multiprocessing module could raise unexpected exceptions during an in-place Python upgrade. This is now fixed.
  • Dataclasses without __init__ method (gh-142214): A regression caused errors when a dataclass inherits and does not define an __init__. The behavior now matches expectations.
  • Segmentation faults in insertdict (gh-142218): A memory safety issue could lead to crashes or assertion failures in dictionary insertion logic. This is critical for any code that uses dictionaries heavily.
  • Crash with multiple capturing groups in re.Scanner (gh-140797): Using several capturing groups in a regular expression scanner could trigger a crash. This has been patched.

Security Fixes in 3.14.2

Two security vulnerabilities have also been addressed in this release:

  • CVE-2025-12084 (gh-142145): A quadratic-time behavior in the node ID cache clearing could be exploited for a denial of service. The cache clearing is now linear, preventing resource exhaustion.
  • Potential virtual memory denial of service in http.server (gh-119452): A crafted request could cause excessive virtual memory allocation. This has been mitigated.

For a complete list of changes, see the Python 3.14.2 changelog.

Python 3.13.11: Backporting Critical Fixes to an Older Branch

Python 3.13.11 is the eleventh maintenance release of the 3.13 series. It focuses on fixing a subset of the same regressions and security issues found in 3.14.2, ensuring that users still on 3.13 are also protected.

Regressions Fixed in 3.13.11

  • Multiprocessing exceptions while upgrading Python (gh-142206) – same as above.
  • Segmentation faults in insertdict (gh-142218) – same as above.
  • Crash with multiple capturing groups in re.Scanner (gh-140797) – same as above.

Security Fixes in 3.13.11

Three security issues are patched in this release:

  • CVE-2025-12084 (gh-142145) – same quadratic cache clearing fix.
  • Denial of service in http.client (gh-119451): A vulnerability could allow an attacker to cause resource exhaustion via the HTTP client module.
  • Virtual memory denial of service in http.server (gh-119452) – same as in 3.14.2.

Check the Python 3.13.11 changelog for the full list.

Why These Releases Are Important

Ordinarily, maintenance releases come weeks or months apart. Releasing two versions just three days after the previous ones signals elevated urgency. The regressions—especially the insertdict segmentation fault and the multiprocessing issue—could cause unpredictable failures in applications that rely on those core features. The security fixes, while not of critical severity, close potential DoS vectors that a determined attacker might exploit.

If you are running Python 3.14.0, 3.14.1, or 3.13.10, you are currently exposed to these bugs. Upgrading to 3.14.2 or 3.13.11 is strongly recommended.
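
An added example (not from the Python project or the author of this article): a small audit that sorts reported interpreter versions into the releases named above as exposed, the fixed releases, and everything else. The host names and version strings are constructed, and the "behind", "other-series" and "unknown" labels are this example's own categories for versions the article does not discuss.

```python
import platform
import re

# Fixed release per series, and the releases the article names as exposed.
FIXED = {(3, 14): (3, 14, 2), (3, 13): (3, 13, 11)}
NAMED_EXPOSED = {(3, 14, 0), (3, 14, 1), (3, 13, 10)}

# Accepts "Python 3.14.1", "3.13.10" and pre-releases such as "3.14.0rc2".
_VERSION_RE = re.compile(r"(?:Python\s+)?(\d+)\.(\d+)\.(\d+)((?:a|b|rc)\d+)?")

def parse_version(text):
    """Return ((major, minor, micro), is_prerelease) or raise ValueError."""
    m = _VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.group(1, 2, 3)), m.group(4) is not None

def classify(text):
    """Return (status, upgrade_target) for one reported version string."""
    try:
        version, prerelease = parse_version(text)
    except ValueError:
        return "unknown", None          # needs a manual look, never "fixed"
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "other-series", None     # the article makes no claim about it
    target = ".".join(map(str, fixed))
    if version in NAMED_EXPOSED and not prerelease:
        return "exposed", target
    # Older than the fixed release (or a pre-release of it): status not stated
    # by the article, so report it separately instead of guessing.
    if version < fixed or (version == fixed and prerelease):
        return "behind", target
    return "fixed", None

# Constructed inventory: host names and version strings are invented.
INVENTORY = {
    "web-01": "Python 3.14.1",
    "web-02": "Python 3.14.2",
    "batch-01": "Python 3.13.10",
    "batch-02": "Python 3.13.7",
    "ci-01": "Python 3.14.0rc2",
    "legacy-01": "Python 3.12.8",
    "edge-01": "python: command not found",
}

if __name__ == "__main__":
    print("this interpreter:", classify(platform.python_version()))
    for host, text in sorted(INVENTORY.items()):
        status, target = classify(text)
        print(f"{host:10} {status:13} {'-> ' + target if target else ''}")
```

Hosts reported as "unknown" or "behind" need a manual check; only "fixed" means the interpreter is at or beyond the release named in this article for its series.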

How to Upgrade

You can download the new releases from the official Python website:

If you use a package manager like apt, yum, or conda, the updates should appear in the coming days. You can also build from source by following the instructions on each page.

After upgrading, test your applications for any regressions—though these releases are specifically meant to fix regressions, it's always good practice to run your test suite.

A Word of Thanks

The Python release team—Hugo van Kemenade, Thomas Wouters, Ned Deily, Steve Dower, and Łukasz Langa—worked around the clock to get these builds out the door. Special thanks go to all the volunteers who reported bugs, tested patches, and contributed code. The Python ecosystem thrives on community involvement.

If you or your organization can support the Python Software Foundation financially, or through contributions, please consider doing so. Every bit helps keep Python free and reliable for everyone.

Happy upgrading—and enjoy the improved stability and security.