Tuesday, January 10, 2023

Python 3.12.0 alpha 4 released

I'm pleased to announce the release of Python 3.12 alpha 4.

https://www.python.org/downloads/release/python-3120a4/

This is an early developer preview of Python 3.12.

Major new features of the 3.12 series, compared to 3.11


Python 3.12 is still in development. This release, 3.12.0a4 is the fourth of seven planned alpha releases.

Alpha releases are intended to make it easier to test the current state of new features and bug fixes and to test the release process.

During the alpha phase, features may be added up until the start of the beta phase (2023-05-08) and, if necessary, may be modified or deleted up until the release candidate phase (2023-07-31). Please keep in mind that this is a preview release and its use is not recommended for production environments.

Many new features for Python 3.12 are still being planned and written. Among the new major new features and changes so far:
  • Even more improved error messages. More exceptions potentially caused by typos now make suggestions to the user.
  • Support for the Linux perf profiler to report Python function names in traces.
  • The deprecated wstr and wstr_length members of the C implementation of unicode objects were removed, per PEP 623.
  • In the unittest module, a number of long deprecated methods and classes were removed. (They had been deprecated since Python 3.1 or 3.2).
  • The deprecated smtpd and distutils modules have been removed (see PEP 594 and PEP 632). The setuptools package (installed by default in virtualenvs and many other places) continues to provide the distutils module.
  • A number of other old, broken and deprecated functions, classes and methods have been removed.
  • (Hey, fellow core developer, if a feature you find important is missing from this list, let Thomas know.)

For more details on the changes in Python 3.12, see What's New In Python 3.12. The next pre-release of Python 3.12 will be 3.12.0a4, currently scheduled for 2023-02-06.

More resources



And now for something completely different


Two haikus apt, as Python's development springs ever forward.

I write, erase, rewrite
Erase again, and then
A poppy blooms.

Haiku by Katsushika Hokusai.

O snail
Climb Mount Fuji,
But slowly, slowly!

Haiku by Kobayashi Issa.


Enjoy the new releases



Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.


Your release team,
Thomas Wouters
Ned Deily
Steve Dower

Tuesday, December 6, 2022

Python 3.11.1, 3.10.9, 3.9.16, 3.8.16, 3.7.16, and 3.12.0 alpha 3 are now available

Greetings! We bring you a slew of releases this fine Saint Nicholas / Sinterklaas day. Six simultaneous releases has got to be some record. There’s one more record we broke this time, you’ll see below.

In any case, updating is recommended due to security content:

  • 3.7 - 3.12: gh-98739: Updated bundled libexpat to 2.5.0 to fix CVE-2022-43680 (heap use-after-free).
  • 3.7 - 3.12: gh-98433: The IDNA codec decoder used on DNS hostnames by socket or asyncio related name resolution functions no longer involves a quadratic algorithm to fix CVE-2022-45061. This prevents a potential CPU denial of service if an out-of-spec excessive length hostname involving bidirectional characters were decoded. Some protocols such as urllib http 3xx redirects potentially allow for an attacker to supply such a name.
  • 3.7 - 3.12: gh-100001: python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server log.
  • 3.8 - 3.12: gh-87604: Avoid publishing list of active per-interpreter audit hooks via the gc module.
  • 3.9 - 3.10 (already released in 3.11+ before): gh-97514: On Linux the multiprocessing module returns to using filesystem backed unix domain sockets for communication with the forkserver process instead of the Linux abstract socket namespace. Only code that chooses to use the “forkserver” start method is affected. This prevents Linux CVE-2022-42919 (potential privilege escalation) as abstract sockets have no permissions and could allow any user on the system in the same network namespace (often the whole system) to inject code into the multiprocessing forkserver process. This was a potential privilege escalation. Filesystem based socket permissions restrict this to the forkserver process user as was the default in Python 3.8 and earlier.
  • 3.7 - 3.10: gh-98517: Port XKCP’s fix for the buffer overflows in SHA-3 to fix CVE-2022-37454.
  • 3.7 - 3.9 (already released in 3.10+ before): gh-68966: The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands to address CVE-2015-20107. Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed).

Python 3.12.0 alpha 3

Get it here, read the change log, sing a GPT-3-generated Sinterklaas song:

https://www.python.org/downloads/release/python-3120a3/

216 new commits since 3.12.0 alpha 2 last month.

Python 3.11.1

Get it here, see the change log, read the recipe for quark soup:

https://www.python.org/downloads/release/python-3111/

A whopping 495 new commits since 3.11.0. This is a massive increase of changes comparing to 3.10 at the same stage in the release cycle: there were “only” 339 commits between 3.10.0 and 3.10.1.

Python 3.10.9

Get it here, read the change log, see circular patterns:

https://www.python.org/downloads/release/python-3109/

165 new commits.

Python 3.9.16

Get it here, read the change log, consider upgrading to a newer version:

https://www.python.org/downloads/release/python-3916/

Security-only release with no binaries. 10 commits.

Python 3.8.16

Get it here, see the change log, definitely upgrade to a newer version:

https://www.python.org/downloads/release/python-3816/

Security-only release with no binaries. 9 commits.

Python 3.7.16

Get it here, read the change log, check PEP 537 to confirm EOL is coming to this version in June 2023:

https://www.python.org/downloads/release/python-3716/

Security-only release with no binaries. 8 commits.

We hope you enjoy the new releases!

Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.

https://www.python.org/psf/

Your friendly release team,

Ned Deily @nad
Steve Dower @steve.dower
Pablo Galindo Salgado @pablogsal
Łukasz Langa @ambv
Thomas Wouters @thomas

 

 

 

 

 

 

 

Tuesday, November 15, 2022

Python 3.12.0 alpha 2 released

I'm pleased to announce the release of Python 3.12 alpha 2.

https://www.python.org/downloads/release/python-3120a2/

This is an early developer preview of Python 3.12.

Major new features of the 3.12 series, compared to 3.11


Python 3.12 is still in development. This release, 3.12.0a2 is the second of seven planned alpha releases.

Alpha releases are intended to make it easier to test the current state of new features and bug fixes and to test the release process.

During the alpha phase, features may be added up until the start of the beta phase (2023-05-08) and, if necessary, may be modified or deleted up until the release candidate phase (2023-07-31). Please keep in mind that this is a preview release and its use is not recommended for production environments.

Many new features for Python 3.12 are still being planned and written. Among the new major new features and changes so far:
  • Even more improved error messages. More exceptions potentially caused by typos now make suggestions to the user.
  • Support for the Linux perf profiler to report Python function names in traces.
  • The deprecated wstr and wstr_length members of the C implementation of unicode objects were removed, per PEP 623.
  • In the unittest module, a number of long deprecated methods and classes were removed. (They had been deprecated since Python 3.1 or 3.2).
  • The deprecated smtpd and distutils modules have been removed (see PEP 594 and PEP 632). The setuptools package (installed by default in virtualenvs and many other places) continues to provide the distutils module.
  • A number of other old, broken and deprecated functions, classes and methods have been removed.
  • (Hey, fellow core developer, if a feature you find important is missing from this list, let Thomas know.)

For more details on the changes in Python 3.12, see What's New In Python 3.12. The next pre-release of Python 3.12 will be 3.12.0a3, currently scheduled for 2022-12-05.

More resources



And now for something completely different


Life, believe, is not a dream
So dark as sages say;
Oft a little morning rain
Foretells a pleasant day.
Sometimes there are clouds of gloom,
But these are transient all;
If the shower will make the roses bloom,
O why lament its fall?

Rapidly, merrily,
Life's sunny hours flit by,
Gratefully, cheerily,
Enjoy them as they fly!

What though Death at times steps in
And calls our Best away?
What though sorrow seems to win,
O'er hope, a heavy sway?
Yet hope again elastic springs,
Unconquered, though she fell;
Still buoyant are her golden wings,
Still strong to bear us well.

Manfully, fearlessly,
The day of trial bear,
For gloriously, victoriously,
Can courage quell despair!
Life, by Charlotte Brontë, from Poems by Currer, Ellis, and Acton Bell.

Charlotte wrote about the publishing under pseudonyms by her and her sisters, Emily and Anne, in a preface to Emily's Wuthering Heights:
Averse to personal publicity, we veiled our own names under those of Currer, Ellis and Acton Bell; the ambiguous choice being dictated by a sort of conscientious scruple at assuming Christian names positively masculine, while we did not like to declare ourselves women, because – without at that time suspecting that our mode of writing and thinking was not what is called "feminine" – we had a vague impression that authoresses are liable to be looked on with prejudice; we had noticed how critics sometimes use for their chastisement the weapon of personality, and for their reward, a flattery, which is not true praise.


Enjoy the new releases



Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.


Your release team,
Thomas Wouters
Ned Deily
Steve Dower

Tuesday, October 25, 2022

Python 3.12.0 alpha 1 released

 As Pablo released Python 3.11.0 final earlier today, now it's my turn to release Python 3.12.0 alpha 1.


This is an early developer preview of Python 3.12

Major new features of the 3.12 series, compared to 3.11


Python 3.12 is still in development. This release, 3.12.0a1, is the first of seven planned alpha releases.

Alpha releases are intended to make it easier to test the current state of new features and bug fixes and to test the release process.

During the alpha phase, features may be added up until the start of the beta phase (2023-05-08) and, if necessary, may be modified or deleted up until the release candidate phase (2023-07-31). Please keep in mind that this is a preview release and its use is not recommended for production environments.

Many new features for Python 3.12 are still being planned and written. Among the new major new features and changes so far:
  • The deprecated `wstr` and `wstr_length` members of the C implementation of unicode objects were removed, per PEP 623.
  • In the `unittest` module, a number of long deprecated methods and classes were removed. (They had been deprecated since Python 3.1 or 3.2).
  • The deprecated `smtpd` module has been removed.
  • A number of other old, broken and deprecated functions, classes and methods have been removed.
  • (Hey, **fellow core developer,** if a feature you find important is missing from this list, let Thomas know.)
The next pre-release of Python 3.12 will be 3.12.0a2, currently scheduled for 2022-11-14.

More resources


And now for something completely different


This is Not the Poem that I Had Hoped to Write

This is not the poem that I had hoped to write
when I sat at my desk and the page was white.
You see, there were other words that I’d had in mind,
yet this is what I leave behind.

I thought it was a poem to eradicate war;
one of such power, it would heal all the sores
of a world torn apart by conflict and schism.
But it isn’t.

Lovers, I’d imagined, would quote from it daily,
Mothers would sing it to soothe crying babies.
And whole generations would be given new hope.
Nope.

I had grand aspirations. Believe me, I tried.
Humanity examined with lessons applied.
But the right words escaped me; so often they do.
Have these in lieu.


Brian Bilston

Enjoy the new releases

Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.


Your release team,
Thomas Wouters
Ned Deily
Steve Dower

Monday, October 24, 2022

Python 3.11.0 is now available

 


This is the release of Python 3.11.0

Python 3.11 is finally released. In the CPython release team, we have put a lot of effort into making 3.11 the best version of Python possible. Better tracebacks, faster Python, exception groups and except*, typing improvements and much more. Get it here:

https://www.python.org/downloads/release/python-3110/

Major new features of the 3.11 series, compared to 3.10

Among the new major new features and changes so far:

  • PEP 657 – Include Fine-Grained Error Locations in Tracebacks
  • PEP 654 – Exception Groups and except*
  • PEP 673 – Self Type
  • PEP 646 – Variadic Generics
  • PEP 680 – tomllib: Support for Parsing TOML in the Standard Library
  • PEP 675 – Arbitrary Literal String Type
  • PEP 655 – Marking individual TypedDict items as required or potentially-missing
  • bpo-46752 – Introduce task groups to asyncio
  • PEP 681 – Data Class Transforms
  • bpo-433030– Atomic grouping ((?>…)) and possessive quantifiers (*+, ++, ?+, {m,n}+) are now supported in regular expressions.
  • The Faster Cpython Project is already yielding some exciting results. Python 3.11 is up to 10-60% faster than Python 3.10. On average, we measured a 1.22x speedup on the standard benchmark suite. See Faster CPython for details.

More resources

And now for something completely different

When a spherical non-rotating body of a critical radius collapses under its own gravitation under general relativity, theory suggests it will collapse to a single point. This is not the case with a rotating black hole (a Kerr black hole). With a fluid rotating body, its distribution of mass is not spherical (it shows an equatorial bulge), and it has angular momentum. Since a point cannot support rotation or angular momentum in classical physics (general relativity being a classical theory), the minimal shape of the singularity that can support these properties is instead a ring with zero thickness but non-zero radius, and this is referred to as a ringularity or Kerr singularity.

This kind of singularity has the following peculiar property. The spacetime allows a geodesic curve (describing the movement of observers and photons in spacetime) to pass through the center of this ring singularity. The region beyond permits closed time-like curves. Since the trajectory of observers and particles in general relativity are described by time-like curves, it is possible for observers in this region to return to their past. This interior solution is not likely to be physical and is considered a purely mathematical artefact.

There are some other interesting free-fall trajectories. For example, there is a point in the axis of symmetry that has the property that if an observer is below this point, the pull from the singularity will force the observer to pass through the middle of the ring singularity to the region with closed time-like curves and it will experience repulsive gravity that will push it back to the original region, but then it will experience the pull from the singularity again and will repeat this process forever. This is, of course, only if the extreme gravity doesn’t destroy the observer first.

We hope you enjoy the new releases!

Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.

Python Core Development Sprint 2022: 3.11 and beyond!

From October 3rd to October 7th a group of Python core developers gathered for a sprint hosted at Google. The event was mainly sponsored by Google and the Python Software Foundation. The core team used to do this annually between 2016 and 2019. It was high time to return to this tradition as the remote online sprints organized in years 2020 and 2021 proved to be a poor substitution for in-person collaboration.

A group photo of the sprint participants with 25 people, mostly smiling


Participating in a core sprint that isn't following a public tech conference is unique in many ways. We come fresh and ready to work on Python for the entire week, without the brain fog that builds up during a multi-day conference. With other contributors there with us, it's easier to focus on the task at hand without professional or private interruptions. Finally, on a human level, we really missed each other. And some of us never met in real life before.

The sprint was the most active week on the repository in five years. It managed to overshadow the sprint at Meta in 2016 which happened shortly before the 3.6 beta freeze, at the time said to be "the most productive [single] week for Python ever". During the five days of the sprint there were 344 commits to our five active branches that span versions of Python from 3.7 to 3.12. 157 of those were made to the main branch alone, which will end up being Python 3.12. Some fixes were pretty deep, like the sneaky 3.11 crasher that only reproduces when performing a full pytest run on a large async app, and disappears once you start diagnosing it. Progress was made on putting full f-string parsing into the grammar of the language, which will allow some new constructs that I'm sure will raise more than one eyebrow when the time comes!

Using the opportunity of meeting in person, the sprint week contained some additional events like a Q&A meeting between the core developers and the Steering Council. We discussed the process for core mentorship, open undecided PEPs like PEP 649, or the future of the C API. To be clear, no decisions about the Python programming language are made behind closed doors. The meetings during the sprint help reaching consensus but continue in our dedicated online communications channels like discuss.python.org and the python-dev mailing list. All changes require opening issues on GitHub, and larger ones require going through the PEP process.

A few interest groups gathered to meet during the sprint as well. Most of those meetings were hybrid, meaning that they included remote participants dialing in. The documentation experts, the core workflow experts, the asyncio experts, the code of conduct working group, and the C API interest group all met to discuss their respective topics.

One highlight of the event that most participants brought up is rapid knowledge sharing that it allowed. Pair programming, whiteboard design, or simply talking somebody through a problem, happened often. Among the topics in this vein the eval breaker came up often, as did asyncio and typing topics. Ken Jin presented a summary of the performance improvements coming in Python 3.11, and Dustin Ingram talked about Sigstore for Python releases. Speaking of security, Google provided core developers attending the sprint with FIDO2 hardware security keys to additionally secure their access to GitHub and PyPI.

Some work looks further into the future. Ken Jin and C.A.M. Gerlach authored a new PEP during the sprint as well, and PEP 688 received a rewrite from Jelle Zijlstra. Carl Meyer worked on dict watchers and callbacks when a type is modified, both needed to allow for a pluggable JIT.

A vote to nominate a new core developer, Alex Waygood, was opened during the sprint and passed unanimously. Alex was present at the sprint as a collaborating triager and mentee.

Huge thanks to everybody that participated! The list below is in alphabetical order, along with thanks to the organizations that helped finance their attendance. We also acknowledge that travel for a multi-day event separates people from their families. We're grateful for their understanding. In the end, we had 28 in-person participants from 8 countries on 3 continents:

  • Brandt Bucher
  • Brett Cannon (Microsoft)
  • Ned Deily
  • Martin Demello (Google)
  • C.A.M. Gerlach
  • Larry Hastings
  • Dustin Ingram (Google)
  • Ken Jin
  • Hugo van Kemenade
  • Senthil Kumaran
  • Łukasz Langa
  • Carl Meyer (Meta)
  • Joannah Nanjekye
  • Lysandros Nikolaou
  • Benjamin Peterson
  • Guido van Rossum (Microsoft)
  • Pablo Galindo Salgado (Bloomberg)
  • Yury Selivanov (EdgeDB)
  • Mariatta (Google)
  • Mark Shannon (Microsoft)
  • Eric Smith
  • Gregory P. Smith (Google)
  • Eric Snow (Microsoft)
  • Barry Warsaw (Microsoft)
  • Alex Waygood
  • Frank Wierzbicki
  • Thomas Wouters (Google)
  • Jelle Zijlstra (Quora)

Special thanks to Greg for making the event happen!

Tuesday, October 11, 2022

Python versions 3.10.8, 3.9.15, 3.8.15, 3.7.15 now available

Déjà vu? Right, a month after the expedited releases we are doing the dance again. This coincides with the regular scheduled time for 3.10.8 but since we accrued a few fixes in 3.7 - 3.9 as well, we’re again releasing all four editions at the same time. We’re not promising to continue at this pace :sweat_smile:

Security content this time

  • CVE-2022-40674: bundled libexpat was upgraded from 2.4.7 to 2.4.9 which fixes a heap use-after-free vulnerability in function doContent
  • gh-97616: a fix for a possible buffer overflow in list *= int
  • gh-97612: a fix for possible shell injection in the example script get-remote-certificate.py(this issue originally had a CVE assigned to it, which its author withdrew)
  • gh-96577: a fix for a potential buffer overrun in msilib

Python 3.10.8

Get it here: https://www.python.org/downloads/release/python-3108/

As a bugfix release coming a mere month after an out-of-schedule security release, 3.10.8 is somewhat smaller compared to 3.9.8 released at the same stage of the release cycle a year ago. There’s 151 commits vs 204 in 3.9. It’s still a larger release than 3.10.7 at 113 commits. One way or the other, it’s worth checking out the change log.

And now for something completely different

Granular convection is a phenomenon where granular material subjected to shaking or vibration will exhibit circulation patterns similar to types of fluid convection.

It is sometimes described as the Brazil nut effect when the largest particles end up on the surface of a granular material containing a mixture of variously sized objects; this derives from the example of a typical container of mixed nuts, where the largest will be Brazil nuts.

The phenomenon is also known as the muesli effect since it is seen in packets of breakfast cereal containing particles of different sizes but similar densities, such as muesli mix.

Under experimental conditions, granular convection of variously sized particles has been observed forming convection cells similar to fluid motion.

We hope you enjoy the new releases!

Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.

Your friendly release team,

Ned Deily @nad
Steve Dower @steve.dower
Pablo Galindo Salgado @pablogsal
Łukasz Langa @ambv