Python 3.14.2 and 3.13.11: Quick-Fix Releases Address Regressions and Security Gaps

<p>The Python team has rolled out two expedited releases—<strong>Python 3.14.2</strong> and <strong>3.13.11</strong>—just three days after their predecessors. These quick-turnaround versions focus on fixing critical regressions and patching security vulnerabilities that emerged in the previous updates. Below, we answer common questions about what’s new, what’s fixed, and how these releases affect your Python environment.</p> <h2 id="q1">Why were Python 3.14.2 and 3.13.11 released so soon after the previous versions?</h2> <p>The Python release team identified several regressions in the most recent maintenance releases (3.14.1 and 3.13.10) that could disrupt developers and production systems. For example, exceptions in the <strong>multiprocessing</strong> module could appear when upgrading Python on a running system, and certain <strong>dataclasses</strong> without an <code>__init__</code> method would break. Additionally, <strong>re.Scanner</strong> crashes and <strong>insertdict</strong> segmentation faults made immediate fixes necessary. To address these issues quickly, the team expedited the releases, bundling them with crucial security patches. 
This proactive approach ensures that users can continue working without waiting for the normal release cycle.</p> <h2 id="q2">What regressions are fixed in Python 3.14.2?</h2> <p>Python 3.14.2, the second maintenance release of the 3.14 series, resolves four regressions:</p> <ul> <li><strong>gh-142206</strong>: Exceptions in <code>multiprocessing</code> when upgrading Python while programs are running.</li> <li><strong>gh-142214</strong>: Exceptions in <code>dataclasses</code> that lack an <code>__init__</code> method.</li> <li><strong>gh-142218</strong>: Segmentation faults and assertion failures in the <code>insertdict</code> operation.</li> <li><strong>gh-140797</strong>: Crashes when using multiple capturing groups in <code>re.Scanner</code>.</li> </ul> <p>These fixes restore stability in concurrent programming, class definition, dictionary insertion, and regular expression scanning.</p> <h2 id="q3">What security fixes are included in both Python 3.14.2 and 3.13.11?</h2> <p>Both releases include the fix for <strong>CVE-2025-12084</strong>, which removes quadratic behavior in node ID cache clearing—a vulnerability that could lead to denial-of-service attacks. Additionally, they fix a potential virtual memory allocation denial of service in <strong>http.server</strong> (CVE-2025-12085 in 3.14.2, tracked as gh-119452). Python 3.13.11 includes an extra security patch: a denial-of-service fix in <strong>http.client</strong> (gh-119451). 
These patches close gaps that attackers could exploit to consume excessive system resources.</p> <h2 id="q4">What is the purpose of maintenance releases like 3.14.2 and 3.13.11?</h2> <p>Maintenance releases, such as these, are designed to improve the stability and security of Python without adding new features. They focus on <strong>bugfixes</strong>, <strong>build improvements</strong>, and <strong>documentation changes</strong>. For example, Python 3.14.2 contains 18 such improvements since 3.14.1. These releases ensure that users on a specific Python version can benefit from the latest fixes without upgrading to a major new release, which might introduce breaking changes.</p> <h2 id="q5">How many bugfixes are in Python 3.14.2 compared to 3.14.1?</h2> <p>Python 3.14.2 includes <strong>18 bugfixes, build improvements, and documentation changes</strong> beyond what 3.14.1 offered. That’s a significant number for a minor patch release, reflecting the urgency behind the regressions and security issues. Users who skipped 3.14.1 should note that 3.14.2 includes all fixes from 3.14.1 plus these additional corrections.</p> <h2 id="q6">Are there specific fixes for the <code>re.Scanner</code> module?</h2> <p>Yes. Both Python 3.14.2 and 3.13.11 address a crash that occurred when using <strong>multiple capturing groups</strong> in <code>re.Scanner</code> (issue gh-140797). Previously, certain complex patterns could cause the scanner to fail unexpectedly. This fix ensures that developers can safely use advanced regular expression features without worrying about segmentation faults or hangs.</p> <h2 id="q7">Where can I download these releases and find the full changelogs?</h2> <p>You can download Python 3.14.2 from the <a href="https://www.python.org/downloads/release/python-3142/">official release page</a> and Python 3.13.11 from <a href="https://www.python.org/downloads/release/python-31311/">its release page</a>. 
For a complete list of changes, refer to the full changelogs linked on those pages. The Python Software Foundation encourages users to upgrade as soon as possible, especially because these releases address both stability regressions and security vulnerabilities.</p>
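<p>To find which interpreters still need the upgrade, the following added example (not code from the Python release team) classifies version strings against the patch levels named in this article. The host names and the inventory are constructed sample data, and the function names are hypothetical.</p>

```python
import platform
import re

# Patch levels taken from this article: the fixed release per series,
# and the release that shipped the regressions.
FIXED = {(3, 14): 2, (3, 13): 11}
REGRESSED = {(3, 14): 1, (3, 13): 10}

# Accepts "Python 3.14.1", "3.13.10" or pre-release forms such as "3.14.0rc2".
_VERSION = re.compile(r"(?:Python\s+)?(\d+)\.(\d+)\.(\d+)")


def classify(version_text):
    """Return patched, regressed, needs-upgrade, not-covered or unparsed."""
    match = _VERSION.match(version_text.strip())
    if match is None:
        return "unparsed"
    major, minor, patch = (int(part) for part in match.groups())
    series = (major, minor)
    if series not in FIXED:
        return "not-covered"      # series not discussed in this article
    if patch >= FIXED[series]:
        return "patched"          # has the regression and security fixes
    if patch == REGRESSED[series]:
        return "regressed"        # 3.14.1 / 3.13.10: regressions, no security fixes
    return "needs-upgrade"        # older patch level: security fixes missing


def hosts_to_upgrade(inventory):
    """Return the sorted host names whose interpreter is below the fixed level."""
    return sorted(
        host for host, version in inventory.items()
        if classify(version) in ("regressed", "needs-upgrade")
    )


# Constructed sample inventory: host name -> output of `python --version`.
SAMPLE_INVENTORY = {
    "web-01": "Python 3.14.1",
    "web-02": "Python 3.14.2",
    "batch-01": "3.13.10",
    "batch-02": "3.13.11",
    "ci-01": "Python 3.14.0rc2",
    "legacy-01": "Python 3.12.8",
}

if __name__ == "__main__":
    print("this interpreter:", classify(platform.python_version()))
    print("upgrade:", hosts_to_upgrade(SAMPLE_INVENTORY))
```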