Python Issues Emergency Releases 3.14.2 and 3.13.11 to Fix Critical Regressions and Security Vulnerabilities

Python Releases Expedited Patches for Critical Regressions

Just three days after the last update, the Python team has rolled out emergency releases 3.14.2 and 3.13.11, addressing severe regressions and security flaws. The updates are recommended for all users, especially those running multiprocessing or HTTP servers.

According to the release team, "We discovered these regressions and security issues soon after the previous releases. An expedited fix was necessary to maintain stability and security." — Hugo van Kemenade, Python release manager.

Key Regressions Fixed

The expedited releases target four major regressions that could cause crashes or unexpected behavior:

• Exceptions in multiprocessing when upgrading Python (gh-142206)
• Exceptions in dataclasses without __init__ method (gh-142214)
• Segmentation faults and assertion failures in insertdict (gh-142218)
• Crash when using multiple capturing groups in re.Scanner (gh-140797)

Security Fixes Included

Both releases also patch several security vulnerabilities, including a critical node ID cache clearing flaw (CVE-2025-12084) and denial of service risks in http.server and http.client.

• Remove quadratic behavior in node ID cache clearing (gh-142145, CVE-2025-12084)
• Fix potential virtual memory allocation denial of service in http.server (gh-119452)
• Fix potential denial of service in http.client (gh-119451 — 3.13.11 only)

Background

Python 3.14.2 is the second maintenance release of the 3.14 series, containing 18 bugfixes, build improvements, and documentation changes since 3.14.1. Python 3.13.11 is the eleventh maintenance release of the 3.13 branch.

The team emphasized that these are expedited releases driven by the discovery of regressions shortly after the previous updates. The swift turnaround underscores the importance of maintaining stability in the core language.

What This Means

Python users, particularly those relying on multiprocessing and HTTP services, should upgrade immediately to avoid crashes and potential security exploits. The fixes for CVE-2025-12084 address a quadratic performance issue that could be triggered remotely.

For organizations managing Python deployments, this release signals the need for rapid patch cycles. The community is urged to test their applications against the new versions and update their environments as soon as possible.

Download links:

• Python 3.14.2
• Python 3.13.11

The Python Software Foundation thanks all volunteers and contributors. For full changelogs, see the official release pages.