Python Releases Expedited Updates: 3.14.2 and 3.13.11 Address Regressions and Security Issues

Just three days after the previous release, the Python team has rolled out another pair of updates—Python 3.14.2 and Python 3.13.11. These are expedited releases, driven by the discovery of regressions that affected stability and performance. Alongside the corrective patches, several security vulnerabilities have also been resolved. This article provides a detailed look at what’s changed, including key bug fixes and security enhancements.

Overview of the Expedited Releases

The decision to push out these versions so quickly stems from critical regressions that were identified in the prior maintenance releases. Both Python 3.14.2 and 3.13.11 share several fixes, particularly for issues related to multiprocessing, data classes, dictionary insertion, and the re.Scanner module. Additionally, each version includes security patches, some of which address potential denial-of-service attacks. For full details, users are encouraged to review the official changelogs linked in the respective sections below.

Python 3.14.2: Second Maintenance Release

Python 3.14.2 is the second maintenance release of the 3.14 series. It contains 18 bug fixes, build improvements, and documentation updates since version 3.14.1. The following sections break down the most critical fixes included in this expedited release.

Regression Fixes

• Multiprocessing exception (gh-142206): Exceptions were being raised in multiprocessing while running programs during a Python upgrade, causing unexpected crashes.
• Data classes without __init__ (gh-142214): Exceptions occurred when using dataclasses that lacked an __init__ method, a regression from a recent change.
• Dictionary insertion crash (gh-142218): Segmentation faults and assertion failures were observed in the insertdict function, affecting dictionary operations.
• re.Scanner crash (gh-140797): Using multiple capturing groups in re.Scanner could lead to a crash.

Security Updates

• CVE-2025-12084 (gh-142145): Removed quadratic behavior in node ID cache clearing, preventing a potential denial-of-service vector.
• gh-119452: Fixed a potential virtual memory allocation denial of service in http.server.

For a complete list of changes, see the official changelog for Python 3.14.2.

Python 3.13.11: Eleventh Maintenance Release

Python 3.13.11 is the eleventh maintenance release of the 3.13 series. Like its counterpart, it is an expedited release targeting critical regressions and security issues. The same regressions that affect 3.14.2 also appear here, with a few differences in the security patch set.

Regression Fixes

• Multiprocessing exception (gh-142206): Identical issue as in 3.14.2—exceptions in multiprocessing during upgrades.
• Dictionary insertion crash (gh-142218): Segmentation faults and assertion failures in insertdict.
• re.Scanner crash (gh-140797): Crash when using multiple capturing groups.

Security Updates

• CVE-2025-12084 (gh-142145): Same as 3.14.2—quadratic behavior removed from node ID cache clearing.
• gh-119451: Fixed a potential denial of service in http.client.
• gh-119452: Fixed a potential virtual memory allocation denial of service in http.server.

Visit the official changelog for Python 3.13.11 for the full list of modifications.

Community Acknowledgments

These releases would not have been possible without the dedicated volunteers who contribute to Python’s development. The Python Software Foundation welcomes both individual and organizational support to sustain these efforts. As the release team signed off from “deeper darker Helsinki,” we extend our gratitude to Hugo van Kemenade, Thomas Wouters, Ned Deily, Steve Dower, and Łukasz Langa for their stewardship.

We encourage all Python users to upgrade to these latest versions to take advantage of the stability and security improvements described above.