Changelog

Python 3.13.12 final

Release date: 2026-02-03

Windows

• gh-128067: Fix a bug in PyREPL on Windows where output without a trailing newline was overwritten by the next prompt.

Tools/Demos

• gh-142095: Make gdb ‘py-bt’ command use frame from thread local state when available. Patch by Sam Gross and Victor Stinner.

Tests

• gh-144415: The Android testbed now distinguishes between stdout/stderr messages which were triggered by a newline, and those triggered by a manual call to flush. This fixes logging of progress indicators and similar content.

• gh-65784: Add support for parametrized resource wantobjects in regrtests, which allows to run Tkinter tests with the specified value of tkinter.wantobjects, for example -u wantobjects=0.

• gh-143553: Add support for parametrized resources, such as -u xpickle=2.7.

• gh-142836: Accommodated Solaris in test_pdb.test_script_target_anonymous_pipe.

• gh-129401: Fix a flaky test in test_repr_rlock that checks the representation of multiprocessing.RLock.

• bpo-31391: Forward-port test_xpickle from Python 2 to Python 3 and add the resource back to test’s command line.

Security

• gh-144125: BytesGenerator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. (Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650).

• gh-143935: Fixed a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs.

• gh-143925: Reject control characters in data: URL media types.

• gh-143919: Reject control characters in http.cookies.Morsel fields and values.

• gh-143916: Reject C0 control characters within wsgiref.headers.Headers fields, values, and parameters.

Library

• gh-144380: Improve performance of io.BufferedReader line iteration by ~49%.

• gh-144169: Fix three crashes when non-string keyword arguments are supplied to objects in the ast module.

• gh-144100: Fixed a crash in ctypes when using a deprecated POINTER(str) type in argtypes. Instead of aborting, ctypes now raises a proper Python exception when the pointer target type is unresolved.

• gh-144050: Fix stat.filemode() in the pure-Python implementation to avoid misclassifying invalid mode values as block devices.

• gh-144023: Fixed validation of file descriptor 0 in posix functions when used with follow_symlinks parameter.

• gh-143999: Fix an issue where inspect.getgeneratorstate() and inspect.getcoroutinestate() could fail for generators wrapped by types.coroutine() in the suspended state.

• gh-143706: Fix multiprocessing forkserver so that sys.argv is correctly set before __main__ is preloaded. Previously, sys.argv was empty during main module import in forkserver child processes. This fixes a regression introduced in 3.13.8 and 3.14.1. Root caused by Aaron Wieczorek, test provided by Thomas Watson, thanks!

• gh-143638: Forbid reentrant calls of the pickle.Pickler and pickle.Unpickler methods for the C implementation. Previously, this could cause crash or data corruption, now concurrent calls of methods of the same object raise RuntimeError.

• gh-78724: Raise RuntimeError’s when user attempts to call methods on half-initialized Struct objects, For example, created by Struct.__new__(Struct). Patch by Sergey B Kirpichev.

• gh-143602: Fix a inconsistency issue in write() that leads to unexpected buffer overwrite by deduplicating the buffer exports.

• gh-143547: Fix sys.unraisablehook() when the hook raises an exception and changes sys.unraisablehook(): hold a strong reference to the old hook. Patch by Victor Stinner.

• gh-143378: Fix use-after-free crashes when a BytesIO object is concurrently mutated during write() or writelines().

• gh-143346: Fix incorrect wrapping of the Base64 data in plistlib._PlistWriter when the indent contains a mix of tabs and spaces.

• gh-143310: tkinter: fix a crash when a Python list is mutated during the conversion to a Tcl object (e.g., when setting a Tcl variable). Patch by Bénédikt Tran.

• gh-143309: Fix a crash in os.execve() on non-Windows platforms when given a custom environment mapping which is then mutated during parsing. Patch by Bénédikt Tran.

• gh-143308: pickle: fix use-after-free crashes when a PickleBuffer is concurrently mutated by a custom buffer callback during pickling. Patch by Bénédikt Tran and Aaron Wieczorek.

• gh-143237: Fix support of named pipes in the rotating logging handlers.

• gh-143249: Fix possible buffer leaks in Windows overlapped I/O on error handling.

• gh-143241: zoneinfo: fix infinite loop in ZoneInfo.from_file when parsing a malformed TZif file. Patch by Fatih Celik.

• gh-142830: sqlite3: fix use-after-free crashes when the connection’s callbacks are mutated during a callback execution. Patch by Bénédikt Tran.

• gh-143200: xml.etree.ElementTree: fix use-after-free crashes in __getitem__() and __setitem__() methods of Element when the element is concurrently mutated. Patch by Bénédikt Tran.

• gh-142195: Updated timeout evaluation logic in subprocess to be compatible with deterministic environments like Shadow where time moves exactly as requested.

• gh-143145: Fixed a possible reference leak in ctypes when constructing results with multiple output parameters on error.

• gh-122431: Corrected the error message in readline.append_history_file() to state that nelements must be non-negative instead of positive.

• gh-143004: Fix a potential use-after-free in collections.Counter.update() when user code mutates the Counter during an update.

• gh-143046: The asyncio REPL no longer prints copyright and version messages in the quiet mode (-q). Patch by Bartosz Sławecki.

• gh-140648: The asyncio REPL now respects the -I flag (isolated mode). Previously, it would load and execute PYTHONSTARTUP even if the flag was set. Contributed by Bartosz Sławecki.

• gh-142991: Fixed socket operations such as recvfrom() and sendto() for FreeBSD divert(4) socket.

• gh-143010: Fixed a bug in mailbox where the precise timing of an external event could result in the library opening an existing file instead of a file it expected to create.

• gh-142881: Fix concurrent and reentrant call of atexit.unregister().

• gh-112127: Fix possible use-after-free in atexit.unregister() when the callback is unregistered during comparison.

• gh-142783: Fix zoneinfo use-after-free with descriptor _weak_cache. a descriptor as _weak_cache could cause crashes during object creation. The fix ensures proper reference counting for descriptor-provided objects.

• gh-142754: Add the ownerDocument attribute to xml.dom.minidom elements and attributes created by directly instantiating the Element or Attr class. Note that this way of creating nodes is not supported; creator functions like xml.dom.Document.documentElement() should be used instead.

• gh-142784: The asyncio REPL now properly closes the loop upon the end of interactive session. Previously, it could cause surprising warnings. Contributed by Bartosz Sławecki.

• gh-142555: array: fix a crash in a[i] = v when converting i to an index via i.__index__ or i.__float__ mutates the array.

• gh-142594: Fix crash in TextIOWrapper.close() when the underlying buffer’s closed property calls detach().

• gh-142451: hmac: Ensure that the HMAC.block_size attribute is correctly copied by HMAC.copy. Patch by Bénédikt Tran.

• gh-142495: collections.defaultdict now prioritizes __setitem__() when inserting default values from default_factory. This prevents race conditions where a default value would overwrite a value set before default_factory returns.

• gh-142651: unittest.mock: fix a thread safety issue where Mock.call_count may return inaccurate values when the mock is called concurrently from multiple threads.

• gh-142595: Added type check during initialization of the decimal module to prevent a crash in case of broken stdlib. Patch by Sergey B Kirpichev.

• gh-142517: The non-compat32 email policies now correctly handle refolding encoded words that contain bytes that can not be decoded in their specified character set. Previously this resulted in an encoding exception during folding.

• gh-112527: The help text for required options in argparse no longer extended with “ (default: None)”.

• gh-142315: Pdb can now run scripts from anonymous pipes used in process substitution. Patch by Bartosz Sławecki.

• gh-142282: Fix winreg.QueryValueEx() to not accidentally read garbage buffer under race condition.

• gh-75949: Fix argparse to preserve | separators in mutually exclusive groups when the usage line wraps due to length.

• gh-68552: MisplacedEnvelopeHeaderDefect and Missing header name defects are now correctly passed to the handle_defect method of policy in FeedParser.

• gh-142006: Fix a bug in the email.policy.default folding algorithm which incorrectly resulted in a doubled newline when a line ending at exactly max_line_length was followed by an unfoldable token.

• gh-105836: Fix asyncio.run_coroutine_threadsafe() leaving underlying cancelled asyncio task running.

• gh-139971: pydoc: Ensure that the link to the online documentation of a stdlib module is correct.

• gh-139262: Some keystrokes can be swallowed in the new PyREPL on Windows, especially when used together with the ALT key. Fix by Chris Eibl.

• gh-138897: Improved license/copyright/credits display in the REPL: now uses a pager.

• gh-79986: Add parsing for References and In-Reply-To headers to the email library that parses the header content as lists of message id tokens. This prevents them from being folded incorrectly.

• gh-109263: Starting a process from spawn context in multiprocessing no longer sets the start method globally.

• gh-90871: Fixed an off by one error concerning the backlog parameter in create_unix_server(). Contributed by Christian Harries.

• gh-133253: Fix thread-safety issues in linecache.

• gh-132715: Skip writing objects during marshalling once a failure has occurred.

• gh-127529: Correct behavior of asyncio.selector_events.BaseSelectorEventLoop._accept_connection() in handling ConnectionAbortedError in a loop. This improves performance on OpenBSD.

IDLE

• gh-143774: Better explain the operation of Format / Format Paragraph.

Documentation

• gh-140806: Add documentation for enum.bin().

Core and Builtins

• gh-144307: Prevent a reference leak in module teardown at interpreter finalization.

• gh-144194: Fix error handling in perf jitdump initialization on memory allocation failure.

• gh-141805: Fix crash in set when objects with the same hash are concurrently added to the set after removing an element with the same hash while the set still contains elements with the same hash.

• gh-143670: Fixes a crash in ga_repr_items_list function.

• gh-143377: Fix a crash in _interpreters.capture_exception() when the exception is incorrectly formatted. Patch by Bénédikt Tran.

• gh-143189: Fix crash when inserting a non-str key into a split table dictionary when the key matches an existing key in the split table but has no corresponding value in the dict.

• gh-143228: Fix use-after-free in perf trampoline when toggling profiling while threads are running or during interpreter finalization with daemon threads active. The fix uses reference counting to ensure trampolines are not freed while any code object could still reference them. Pach by Pablo Galindo

• gh-142664: Fix a use-after-free crash in memoryview.__hash__ when the __hash__ method of the referenced object mutates that object or the view. Patch by Bénédikt Tran.

• gh-142557: Fix a use-after-free crash in bytearray.__mod__ when the bytearray is mutated while formatting the %-style arguments. Patch by Bénédikt Tran.

• gh-143195: Fix use-after-free crashes in bytearray.hex() and memoryview.hex() when the separator’s __len__() mutates the original object. Patch by Bénédikt Tran.

• gh-143135: Set sys.flags.inspect to 1 when PYTHONINSPECT is 0. Previously, it was set to 0 in this case.

• gh-143003: Fix an overflow of the shared empty buffer in bytearray.extend() when __length_hint__() returns 0 for non-empty iterator.

• gh-143006: Fix a possible assertion error when comparing negative non-integer float and int with the same number of bits in the integer part.

• gh-142776: Fix a file descriptor leak in import.c

• gh-142829: Fix a use-after-free crash in contextvars.Context comparison when a custom __eq__ method modifies the context via set().

• gh-142766: Clear the frame of a generator when generator.close() is called.

• gh-142737: Tracebacks will be displayed in fallback mode even if io.open() is lost. Previously, this would crash the interpreter. Patch by Bartosz Sławecki.

• gh-142554: Fix a crash in divmod() when _pylong.int_divmod() does not return a tuple of length two exactly. Patch by Bénédikt Tran.

• gh-142560: Fix use-after-free in bytearray search-like methods (find(), count(), index(), rindex(), and rfind()) by marking the storage as exported which causes reallocation attempts to raise BufferError. For contains(), split(), and rsplit() the buffer protocol is used for this.

• gh-142343: Fix SIGILL crash on m68k due to incorrect assembly constraint.

• gh-141732: Ensure the __repr__() for ExceptionGroup and BaseExceptionGroup does not change when the exception sequence that was original passed in to its constructor is subsequently mutated.

• gh-100964: Fix reference cycle in exhausted generator frames. Patch by Savannah Ostrowski.

• gh-140373: Correctly emit PY_UNWIND event when generator object is closed. Patch by Mikhail Efimov.

• gh-138568: Adjusted the built-in help() function so that empty inputs are ignored in interactive mode.

• gh-127773: Do not use the type attribute cache for types with incompatible MRO.

C API

• gh-142571: PyUnstable_CopyPerfMapFile() now checks that opening the file succeeded before flushing.

Build

• gh-142454: When calculating the digest of the JIT stencils input, sort the hashed files by filenames before adding their content to the hasher. This ensures deterministic hash input and hence deterministic hash, independent on filesystem order.

• gh-141808: When running make clean-retain-profile, keep the generated JIT stencils. That way, the stencils are not generated twice when Profile-guided optimization (PGO) is used. It also allows distributors to supply their own pre-built JIT stencils.

• gh-138061: Ensure reproducible builds by making JIT stencil header generation deterministic.

Python 3.13.11 final

Release date: 2025-12-05

Security

• gh-142145: Remove quadratic behavior in xml.minidom node ID cache clearing.

• gh-119451: Fix a potential memory denial of service in the http.client module. When connecting to a malicious server, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes.

• gh-119452: Fix a potential memory denial of service in the http.server module. When a malicious user is connected to the CGI server on Windows, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes.

Library

• gh-140797: Revert changes to the undocumented re.Scanner class. Capturing groups are still allowed for backward compatibility, although using them can lead to incorrect result. They will be forbidden in future Python versions.

• gh-142206: The resource tracker in the multiprocessing module now uses the original communication protocol, as in Python 3.14.0 and below, by default. This avoids issues with upgrading Python while it is running. (Note that such ‘in-place’ upgrades are not tested.) The tracker remains compatible with subprocesses that use new protocol (that is, subprocesses using Python 3.13.10, 3.14.1 and 3.15).

Core and Builtins

• gh-142218: Fix crash when inserting into a split table dictionary with a non str key that matches an existing key.

Python 3.13.10 final

Release date: 2025-12-02

Tools/Demos

• gh-141442: The iOS testbed now correctly handles test arguments that contain spaces.

Tests

• gh-140482: Preserve and restore the state of stty echo as part of the test environment.

• gh-140082: Update python -m test to set FORCE_COLOR=1 when being run with color enabled so that unittest which is run by it with redirected output will output in color.

• gh-136442: Use exitcode 1 instead of 5 if unittest.TestCase.setUpClass() raises an exception

Security

• gh-139700: Check consistency of the zip64 end of central directory record. Support records with “zip64 extensible data” if there are no bytes prepended to the ZIP file.

• gh-137836: Add support of the “plaintext” element, RAWTEXT elements “xmp”, “iframe”, “noembed” and “noframes”, and optionally RAWTEXT element “noscript” in html.parser.HTMLParser.

• gh-136063: email.message: ensure linear complexity for legacy HTTP parameters parsing. Patch by Bénédikt Tran.

• gh-136065: Fix quadratic complexity in os.path.expandvars().

• gh-119342: Fix a potential memory denial of service in the plistlib module. When reading a Plist file received from untrusted source, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes.

Library

• gh-74389: When the stdin being used by a subprocess.Popen instance is closed, this is now ignored in subprocess.Popen.communicate() instead of leaving the class in an inconsistent state.

• gh-87512: Fix subprocess.Popen.communicate() timeout handling on Windows when writing large input. Previously, the timeout was ignored during stdin writing, causing the method to block indefinitely if the child process did not consume input quickly. The stdin write is now performed in a background thread, allowing the timeout to be properly enforced.

• gh-141473: When subprocess.Popen.communicate() was called with input and a timeout and is called for a second time after a TimeoutExpired exception before the process has died, it should no longer hang.

• gh-59000: Fix pdb breakpoint resolution for class methods when the module defining the class is not imported.

• gh-141570: Support file-like object raising OSError from fileno() in color detection (_colorize.can_colorize()). This can occur when sys.stdout is redirected.

• gh-141659: Fix bad file descriptor errors from _posixsubprocess on AIX.

• gh-141497: ipaddress: ensure that the methods IPv4Network.hosts() and IPv6Network.hosts() always return an iterator.

• gh-140938: The statistics.stdev() and statistics.pstdev() functions now raise a ValueError when the input contains an infinity or a NaN.

• gh-124111: Updated Tcl threading configuration in _tkinter to assume that threads are always available in Tcl 9 and later.

• gh-137109: The os.fork and related forking APIs will no longer warn in the common case where Linux or macOS platform APIs return the number of threads in a process and find the answer to be 1 even when a os.register_at_fork() after_in_parent= callback (re)starts a thread.

• gh-141314: Fix assertion failure in io.TextIOWrapper.tell() when reading files with standalone carriage return (\r) line endings.

• gh-141311: Fix assertion failure in io.BytesIO.readinto() and undefined behavior arising when read position is above capcity in io.BytesIO.

• gh-141141: Fix a thread safety issue with base64.b85decode(). Contributed by Benel Tayar.

• gh-140911: collections: Ensure that the methods UserString.rindex() and UserString.index() accept collections.UserString instances as the sub argument.

• gh-140797: The undocumented re.Scanner class now forbids regular expressions containing capturing groups in its lexicon patterns. Patterns using capturing groups could previously lead to crashes with segmentation fault. Use non-capturing groups (?:…) instead.

• gh-140815: faulthandler now detects if a frame or a code object is invalid or freed. Patch by Victor Stinner.

• gh-100218: Correctly set errno when socket.if_nametoindex() or socket.if_indextoname() raise an OSError. Patch by Bénédikt Tran.

• gh-140875: Fix handling of unclosed character references (named and numerical) followed by the end of file in html.parser.HTMLParser with convert_charrefs=False.

• gh-140734: multiprocessing: fix off-by-one error when checking the length of a temporary socket file path. Patch by Bénédikt Tran.

• gh-140874: Bump the version of pip bundled in ensurepip to version 25.3

• gh-140691: In urllib.request, when opening a FTP URL fails because a data connection cannot be made, the control connection’s socket is now closed to avoid a ResourceWarning.

• gh-103847: Fix hang when cancelling process created by asyncio.create_subprocess_exec() or asyncio.create_subprocess_shell(). Patch by Kumar Aditya.

• gh-140590: Fix arguments checking for the functools.partial.__setstate__() that may lead to internal state corruption and crash. Patch by Sergey Miryanov.

• gh-140634: Fix a reference counting bug in os.sched_param.__reduce__().

• gh-140633: Ignore AttributeError when setting a module’s __file__ attribute when loading an extension module packaged as Apple Framework.

• gh-140593: xml.parsers.expat: Fix a memory leak that could affect users with ElementDeclHandler() set to a custom element declaration handler. Patch by Sebastian Pipping.

• gh-140607: Inside io.RawIOBase.read(), validate that the count of bytes returned by io.RawIOBase.readinto() is valid (inside the provided buffer).

• gh-138162: Fix logging.LoggerAdapter with merge_extra=True and without the extra argument.

• gh-140474: Fix memory leak in array.array when creating arrays from an empty str and the u type code.

• gh-140272: Fix memory leak in the clear() method of the dbm.gnu database.

• gh-140041: Fix import of ctypes on Android and Cygwin when ABI flags are present.

• gh-139905: Add suggestion to error message for typing.Generic subclasses when cls.__parameters__ is missing due to a parent class failing to call super().__init_subclass__() in its __init_subclass__.

• gh-139845: Fix to not print KeyboardInterrupt twice in default asyncio REPL.

• gh-139783: Fix inspect.getsourcelines() for the case when a decorator is followed by a comment or an empty line.

• gh-70765: http.server: fix default handling of HTTP/0.9 requests in BaseHTTPRequestHandler. Previously, BaseHTTPRequestHandler.parse_request() incorrectly waited for headers in the request although those are not supported in HTTP/0.9. Patch by Bénédikt Tran.

• gh-139391: Fix an issue when, on non-Windows platforms, it was not possible to gracefully exit a python -m asyncio process suspended by Ctrl+Z and later resumed by fg other than with kill.

• gh-101828: Fix 'shift_jisx0213', 'shift_jis_2004', 'euc_jisx0213' and 'euc_jis_2004' codecs truncating null chars as they were treated as part of multi-character sequences.

• gh-139246: fix: paste zero-width in default repl width is wrong.

• gh-90949: Add SetAllocTrackerActivationThreshold() and SetAllocTrackerMaximumAmplification() to xmlparser objects to prevent use of disproportional amounts of dynamic memory from within an Expat parser. Patch by Bénédikt Tran.

• gh-139065: Fix trailing space before a wrapped long word if the line length is exactly width in textwrap.

• gh-138993: Dedent credits text.

• gh-138859: Fix generic type parameterization raising a TypeError when omitting a ParamSpec that has a default which is not a list of types.

• gh-138775: Use of python -m with base64 has been fixed to detect input from a terminal so that it properly notices EOF.

• gh-98896: Fix a failure in multiprocessing resource_tracker when SharedMemory names contain colons. Patch by Rani Pinchuk.

• gh-75989: tarfile.TarFile.extractall() and tarfile.TarFile.extract() now overwrite symlinks when extracting hardlinks. (Contributed by Alexander Enrique Urieles Nieto in gh-75989.)

• gh-83424: Allows creating a ctypes.CDLL without name when passing a handle as an argument.

• gh-136234: Fix asyncio.WriteTransport.writelines() to be robust to connection failure, by using the same behavior as write().

• gh-136057: Fixed the bug in pdb and bdb where next and step can’t go over the line if a loop exists in the line.

• gh-135307: email: Fix exception in set_content() when encoding text and max_line_length is set to 0 or None (unlimited).

• gh-134453: Fixed subprocess.Popen.communicate() input= handling of memoryview instances that were non-byte shaped on POSIX platforms. Those are now properly cast to a byte shaped view instead of truncating the input. Windows platforms did not have this bug.

• gh-102431: Clarify constraints for “logical” arguments in methods of decimal.Context.

IDLE

• gh-96491: Deduplicate version number in IDLE shell title bar after saving to a file.

Documentation

• gh-141994: xml.sax.handler: Make Documentation of xml.sax.handler.feature_external_ges warn of opening up to external entity attacks. Patch by Sebastian Pipping.

• gh-140578: Remove outdated sencence in the documentation for multiprocessing, that implied that concurrent.futures.ThreadPoolExecutor did not exist.

Core and Builtins

• gh-142048: Fix quadratically increasing garbage collection delays in free-threaded build.

• gh-141930: When importing a module, use Python’s regular file object to ensure that writes to .pyc files are complete or an appropriate error is raised.

• gh-120158: Fix inconsistent state when enabling or disabling monitoring events too many times.

• gh-141579: Fix sys.activate_stack_trampoline() to properly support the perf_jit backend. Patch by Pablo Galindo.

• gh-141312: Fix the assertion failure in the __setstate__ method of the range iterator when a non-integer argument is passed. Patch by Sergey Miryanov.

• gh-140939: Fix memory leak when bytearray or bytes is formated with the %*b format with a large width that results in a MemoryError.

• gh-140530: Fix a reference leak when raise exc from cause fails. Patch by Bénédikt Tran.

• gh-140576: Fixed crash in tokenize.generate_tokens() in case of specific incorrect input. Patch by Mikhail Efimov.

• gh-140551: Fixed crash in dict if dict.clear() is called at the lookup stage. Patch by Mikhail Efimov and Inada Naoki.

• gh-140471: Fix potential buffer overflow in ast.AST node initialization when encountering malformed _fields containing non-str.

• gh-140406: Fix memory leak when an object’s __hash__() method returns an object that isn’t an int.

• gh-140306: Fix memory leaks in cross-interpreter channel operations and shared namespace handling.

• gh-140301: Fix memory leak of PyConfig in subinterpreters.

• gh-140000: Fix potential memory leak when a reference cycle exists between an instance of typing.TypeAliasType, typing.TypeVar, typing.ParamSpec, or typing.TypeVarTuple and its __name__ attribute. Patch by Mikhail Efimov.

• gh-139748: Fix reference leaks in error branches of functions accepting path strings or bytes such as compile() and os.system(). Patch by Bénédikt Tran.

• gh-139516: Fix lambda colon erroneously start format spec in f-string in tokenizer.

• gh-139640: Fix swallowing some syntax warnings in different modules if they accidentally have the same message and are emitted from the same line. Fix duplicated warnings in the finally block.

• gh-137400: Fix a crash in the free threading build when disabling profiling or tracing across all threads with PyEval_SetProfileAllThreads() or PyEval_SetTraceAllThreads() or their Python equivalents threading.settrace_all_threads() and threading.setprofile_all_threads().

• gh-133400: Fixed Ctrl+D (^D) behavior in _pyrepl module to match old pre-3.13 REPL behavior.

C API

• gh-140042: Removed the sqlite3_shutdown call that could cause closing connections for sqlite when used with multiple sub interpreters.

• gh-140487: Fix Py_RETURN_NOTIMPLEMENTED in limited C API 3.11 and older: don’t treat Py_NotImplemented as immortal. Patch by Victor Stinner.

Python 3.13.9 final

Release date: 2025-10-14

Library

• gh-139783: Fix inspect.getsourcelines() for the case when a decorator is followed by a comment or an empty line.

Python 3.13.8 final

Release date: 2025-10-07

macOS

• gh-124111: Update macOS installer to use Tcl/Tk 8.6.17.

• gh-139573: Updated bundled version of OpenSSL to 3.0.18.

Windows

• gh-139573: Updated bundled version of OpenSSL to 3.0.18.

• gh-138896: Fix error installing C runtime on non-updated Windows machines

Tools/Demos

• gh-139330: SBOM generation tool didn’t cross-check the version and checksum values against the Modules/expat/refresh.sh script, leading to the values becoming out-of-date during routine updates.

• gh-137873: The iOS test runner has been simplified, resolving some issues that have been observed using the runner in GitHub Actions and Azure Pipelines test environments.

Tests

• gh-139208: Fix regrtest --fast-ci --verbose: don’t ignore the --verbose option anymore. Patch by Victor Stinner.

Security

• gh-139400: xml.parsers.expat: Make sure that parent Expat parsers are only garbage-collected once they are no longer referenced by subparsers created by ExternalEntityParserCreate(). Patch by Sebastian Pipping.

• gh-139283: sqlite3: correctly handle maximum number of rows to fetch in Cursor.fetchmany and reject negative values for Cursor.arraysize. Patch by Bénédikt Tran.

• gh-135661: Fix CDATA section parsing in html.parser.HTMLParser according to the HTML5 standard: ] ]> and ]] > no longer end the CDATA section. Add private method _set_support_cdata() which can be used to specify how to parse <[CDATA[ — as a CDATA section in foreign content (SVG or MathML) or as a bogus comment in the HTML namespace.

Library

• gh-139312: Upgrade bundled libexpat to 2.7.3

• gh-139289: Do a real lazy-import on rlcompleter in pdb and restore the existing completer after importing rlcompleter.

• gh-139210: Fix use-after-free when reporting unknown event in xml.etree.ElementTree.iterparse(). Patch by Ken Jin.

• gh-138860: Lazy import rlcompleter in pdb to avoid deadlock in subprocess.

• gh-112729: Fix crash when calling _interpreters.create when the process is out of memory.

• gh-139076: Fix a bug in the pydoc module that was hiding functions in a Python module if they were implemented in an extension module and the module did not have __all__.

• gh-138998: Update bundled libexpat to 2.7.2

• gh-130567: Fix possible crash in locale.strxfrm() due to a platform bug on macOS.

• gh-138779: Support device numbers larger than 2**63-1 for the st_rdev field of the os.stat_result structure.

• gh-128636: Fix crash in PyREPL when os.environ is overwritten with an invalid value for mac

• gh-88375: Fix normalization of the robots.txt rules and URLs in the urllib.robotparser module. No longer ignore trailing ?. Distinguish raw special characters ?, = and & from the percent-encoded ones.

• gh-138515: email is added to Emscripten build.

• gh-111788: Fix parsing errors in the urllib.robotparser module. Don’t fail trying to parse weird paths. Don’t fail trying to decode non-UTF-8 robots.txt files.

• gh-138432: zoneinfo.reset_tzpath() will now convert any os.PathLike objects it receives into strings before adding them to TZPATH. It will raise TypeError if anything other than a string is found after this conversion. If given an os.PathLike object that represents a relative path, it will now raise ValueError instead of TypeError, and present a more informative error message.

• gh-138008: Fix segmentation faults in the ctypes module due to invalid argtypes. Patch by Dung Nguyen.

• gh-60462: Fix locale.strxfrm() on Solaris (and possibly other platforms).

• gh-138204: Forbid expansion of shared anonymous memory maps on Linux, which caused a bus error.

• gh-138010: Fix an issue where defining a class with a @warnings.deprecated-decorated base class may not invoke the correct __init_subclass__() method in cases involving multiple inheritance. Patch by Brian Schubert.

• gh-138133: Prevent infinite traceback loop when sending CTRL^C to Python through strace.

• gh-134869: Fix an issue where pressing Ctrl+C during tab completion in the REPL would leave the autocompletion menu in a corrupted state.

• gh-137317: inspect.signature() now correctly handles classes that use a descriptor on a wrapped __init__() or __new__() method. Contributed by Yongyu Yan.

• gh-137754: Fix import of the zoneinfo module if the C implementation of the datetime module is not available.

• gh-137490: Handle ECANCELED in the same way as EINTR in signal.sigwaitinfo() on NetBSD.

• gh-137477: Fix inspect.getblock(), inspect.getsourcelines() and inspect.getsource() for generator expressions.

• gh-137017: Fix threading.Thread.is_alive to remain True until the underlying OS thread is fully cleaned up. This avoids false negatives in edge cases involving thread monitoring or premature threading.Thread.is_alive calls.

• gh-136134: SMTP.auth_cram_md5() now raises an SMTPException instead of a ValueError if Python has been built without MD5 support. In particular, SMTP clients will not attempt to use this method even if the remote server is assumed to support it. Patch by Bénédikt Tran.

• gh-136134: IMAP4.login_cram_md5 now raises an IMAP4.error if CRAM-MD5 authentication is not supported. Patch by Bénédikt Tran.

• gh-135386: Fix opening a dbm.sqlite3 database for reading from read-only file or directory.

• gh-126631: Fix multiprocessing forkserver bug which prevented __main__ from being preloaded.

• gh-123085: In a bare call to importlib.resources.files(), ensure the caller’s frame is properly detected when importlib.resources is itself available as a compiled module only (no source).

• gh-118981: Fix potential hang in multiprocessing.popen_spawn_posix that can happen when the child proc dies early by closing the child fds right away.

• gh-78319: UTF8 support for the IMAP APPEND command has been made RFC compliant.

• bpo-38735: Fix failure when importing a module from the root directory on unix-like platforms with sys.pycache_prefix set.

• bpo-41839: Allow negative priority values from os.sched_get_priority_min() and os.sched_get_priority_max() functions.

Core and Builtins

• gh-134466: Don’t run PyREPL in a degraded environment where setting termios attributes is not allowed.

• gh-71810: Raise OverflowError for (-1).to_bytes() for signed conversions when bytes count is zero. Patch by Sergey B Kirpichev.

• gh-105487: Remove non-existent __copy__(), __deepcopy__(), and __bases__ from the __dir__() entries of types.GenericAlias.

• gh-134163: Fix a hang when the process is out of memory inside an exception handler.

• gh-138479: Fix a crash when a generic object’s __typing_subst__ returns an object that isn’t a tuple.

• gh-137576: Fix for incorrect source code being shown in tracebacks from the Basic REPL when PYTHONSTARTUP is given. Patch by Adam Hartz.

• gh-132744: Certain calls now check for runaway recursion and respect the system recursion limit.

C API

• gh-87135: Attempting to acquire the GIL after runtime finalization has begun in a different thread now causes the thread to hang rather than terminate, which avoids potential crashes or memory corruption caused by attempting to terminate a thread that is running code not specifically designed to support termination. In most cases this hanging is harmless since the process will soon exit anyway.

  While not officially marked deprecated until 3.14, PyThread_exit_thread is no longer called internally and remains solely for interface compatibility. Its behavior is inconsistent across platforms, and it can only be used safely in the unlikely case that every function in the entire call stack has been designed to support the platform-dependent termination mechanism. It is recommended that users of this function change their design to not require thread termination. In the unlikely case that thread termination is needed and can be done safely, users may migrate to calling platform-specific APIs such as pthread_exit (POSIX) or _endthreadex (Windows) directly.

Build

• gh-135734: Python can correctly be configured and built with ./configure --enable-optimizations --disable-test-modules. Previously, the profile data generation step failed due to PGO tests where immortalization couldn’t be properly suppressed. Patch by Bénédikt Tran.

Python 3.13.7 final

Release date: 2025-08-14

Library

• gh-137583: Fix a deadlock introduced in 3.13.6 when a call to ssl.SSLSocket.recv was blocked in one thread, and then another method on the object (such as ssl.SSLSocket.send) was subsequently called in another thread.

• gh-137044: Return large limit values as positive integers instead of negative integers in resource.getrlimit(). Accept large values and reject negative values (except RLIM_INFINITY) for limits in resource.setrlimit().

• gh-136914: Fix retrieval of doctest.DocTest.lineno for objects decorated with functools.cache() or functools.cached_property.

• gh-131788: Make ResourceTracker.send from multiprocessing re-entrant safe

Documentation

• gh-136155: We are now checking for fatal errors in EPUB builds in CI.

Core and Builtins

• gh-137400: Fix a crash in the free threading build when disabling profiling or tracing across all threads with PyEval_SetProfileAllThreads() or PyEval_SetTraceAllThreads() or their Python equivalents threading.settrace_all_threads() and threading.setprofile_all_threads().

Python 3.13.6 final

Release date: 2025-08-06

macOS

• gh-137450: macOS installer shell path management improvements: separate the installer Shell profile updater postinstall script from the Update Shell Profile.command to enable more robust error handling.

• gh-137134: Update macOS installer to ship with SQLite version 3.50.4.

Windows

• gh-137134: Update Windows installer to ship with SQLite 3.50.4.

Tools/Demos

• gh-135968: Stubs for strip are now provided as part of an iOS install.

Tests

• gh-135966: The iOS testbed now handles the app_packages folder as a site directory.

• gh-135494: Fix regrtest to support excluding tests from --pgo tests. Patch by Victor Stinner.

• gh-135489: Show verbose output for failing tests during PGO profiling step with –enable-optimizations.

Security

• gh-135661: Fix parsing start and end tags in html.parser.HTMLParser according to the HTML5 standard.

  • Whitespaces no longer accepted between </ and the tag name. E.g. </ script> does not end the script section.

  • Vertical tabulation (\v) and non-ASCII whitespaces no longer recognized as whitespaces. The only whitespaces are \t\n\r\f and space.

  • Null character (U+0000) no longer ends the tag name.

  • Attributes and slashes after the tag name in end tags are now ignored, instead of terminating after the first > in quoted attribute value. E.g. </script/foo=">"/>.

  • Multiple slashes and whitespaces between the last attribute and closing > are now ignored in both start and end tags. E.g. <a foo=bar/ //>.

  • Multiple = between attribute name and value are no longer collapsed. E.g. <a foo==bar> produces attribute “foo” with value “=bar”.

• gh-102555: Fix comment parsing in html.parser.HTMLParser according to the HTML5 standard. --!> now ends the comment. -- > no longer ends the comment. Support abnormally ended empty comments <--> and <--->.

• gh-135462: Fix quadratic complexity in processing specially crafted input in html.parser.HTMLParser. End-of-file errors are now handled according to the HTML5 specs – comments and declarations are automatically closed, tags are ignored.

• gh-118350: Fix support of escapable raw text mode (elements “textarea” and “title”) in html.parser.HTMLParser.

Library

• gh-132710: If possible, ensure that uuid.getnode() returns the same result even across different processes. Previously, the result was constant only within the same process. Patch by Bénédikt Tran.

• gh-137273: Fix debug assertion failure in locale.setlocale() on Windows.

• gh-137257: Bump the version of pip bundled in ensurepip to version 25.2

• gh-81325: tarfile.TarFile now accepts a path-like when working on a tar archive. (Contributed by Alexander Enrique Urieles Nieto in gh-81325.)

• gh-130522: Fix unraisable TypeError raised during interpreter shutdown in the threading module.

• gh-130577: tarfile now validates archives to ensure member offsets are non-negative. (Contributed by Alexander Enrique Urieles Nieto in gh-130577.)

• gh-136549: Fix signature of threading.excepthook().

• gh-136523: Fix wave.Wave_write emitting an unraisable when open raises.

• gh-52876: Add missing keepends (default True) parameter to codecs.StreamReaderWriter.readline() and codecs.StreamReaderWriter.readlines().

• gh-85702: If zoneinfo._common.load_tzdata is given a package without a resource a zoneinfo.ZoneInfoNotFoundError is raised rather than a PermissionError. Patch by Victor Stinner.

• gh-134759: Fix UnboundLocalError in email.message.Message.get_payload() when the payload to decode is a bytes object. Patch by Kliment Lamonov.

• gh-136028: Fix parsing month names containing “İ” (U+0130, LATIN CAPITAL LETTER I WITH DOT ABOVE) in time.strptime(). This affects locales az_AZ, ber_DZ, ber_MA and crh_UA.

• gh-135995: In the palmos encoding, make byte 0x9b decode to › (U+203A - SINGLE RIGHT-POINTING ANGLE QUOTATION MARK).

• gh-53203: Fix time.strptime() for %c and %x formats on locales byn_ER, wal_ET and lzh_TW, and for %X format on locales ar_SA, bg_BG and lzh_TW.

• gh-91555: An earlier change, which was introduced in 3.13.4, has been reverted. It disabled logging for a logger during handling of log messages for that logger. Since the reversion, the behaviour should be as it was before 3.13.4.

• gh-135878: Fixes a crash of types.SimpleNamespace on free threading builds, when several threads were calling its __repr__() method at the same time.

• gh-135836: Fix IndexError in asyncio.loop.create_connection() that could occur when non-OSError exception is raised during connection and socket’s close() raises OSError.

• gh-135836: Fix IndexError in asyncio.loop.create_connection() that could occur when the Happy Eyeballs algorithm resulted in an empty exceptions list during connection attempts.

• gh-135855: Raise TypeError instead of SystemError when _interpreters.set___main___attrs() is passed a non-dict object. Patch by Brian Schubert.

• gh-135815: netrc: skip security checks if os.getuid() is missing. Patch by Bénédikt Tran.

• gh-135640: Address bug where it was possible to call xml.etree.ElementTree.ElementTree.write() on an ElementTree object with an invalid root element. This behavior blanked the file passed to write if it already existed.

• gh-135444: Fix asyncio.DatagramTransport.sendto() to account for datagram header size when data cannot be sent.

• gh-135497: Fix os.getlogin() failing for longer usernames on BSD-based platforms.

• gh-135487: Fix reprlib.Repr.repr_int() when given integers with more than sys.get_int_max_str_digits() digits. Patch by Bénédikt Tran.

• gh-135335: multiprocessing: Flush stdout and stderr after preloading modules in the forkserver.

• gh-135244: uuid: when the MAC address cannot be determined, the 48-bit node ID is now generated with a cryptographically-secure pseudo-random number generator (CSPRNG) as per RFC 9562, §6.10.3. This affects uuid1().

• gh-135069: Fix the “Invalid error handling” exception in encodings.idna.IncrementalDecoder to correctly replace the ‘errors’ parameter.

• gh-134698: Fix a crash when calling methods of ssl.SSLContext or ssl.SSLSocket across multiple threads.

• gh-132124: On POSIX-compliant systems, multiprocessing.util.get_temp_dir() now ignores TMPDIR (and similar environment variables) if the path length of AF_UNIX socket files exceeds the platform-specific maximum length when using the forkserver start method. Patch by Bénédikt Tran.

• gh-133439: Fix dot commands with trailing spaces are mistaken for multi-line SQL statements in the sqlite3 command-line interface.

• gh-132969: Prevent the ProcessPoolExecutor executor thread, which remains running when shutdown(wait=False), from attempting to adjust the pool’s worker processes after the object state has already been reset during shutdown. A combination of conditions, including a worker process having terminated abormally, resulted in an exception and a potential hang when the still-running executor thread attempted to replace dead workers within the pool.

• gh-130664: Support the '_' digit separator in formatting of the integral part of Decimal’s. Patch by Sergey B Kirpichev.

• gh-85702: If zoneinfo._common.load_tzdata is given a package without a resource a ZoneInfoNotFoundError is raised rather than a IsADirectoryError.

• gh-130664: Handle corner-case for Fraction’s formatting: treat zero-padding (preceding the width field by a zero ('0') character) as an equivalent to a fill character of '0' with an alignment type of '=', just as in case of float’s.

Documentation

• gh-135171: Document that the iterator for the leftmost for clause in the generator expression is created immediately.

Core and Builtins

• gh-58124: Fix name of the Python encoding in Unicode errors of the code page codec: use “cp65000” and “cp65001” instead of “CP_UTF7” and “CP_UTF8” which are not valid Python code names. Patch by Victor Stinner.

• gh-137314: Fixed a regression where raw f-strings incorrectly interpreted escape sequences in format specifications. Raw f-strings now properly preserve literal backslashes in format specs, matching the behavior from Python 3.11. For example, rf"{obj:\xFF}" now correctly produces '\\xFF' instead of 'ÿ'. Patch by Pablo Galindo.

• gh-136541: Fix some issues with the perf trampolines on x86-64 and aarch64. The trampolines were not being generated correctly for some cases, which could lead to the perf integration not working correctly. Patch by Pablo Galindo.

• gh-109700: Fix memory error handling in PyDict_SetDefault().

• gh-78465: Fix error message for cls.__new__(cls, ...) where cls is not instantiable builtin or extension type (with tp_new set to NULL).

• gh-135871: Non-blocking mutex lock attempts now return immediately when the lock is busy instead of briefly spinning in the free threading build.

• gh-135607: Fix potential weakref races in an object’s destructor on the free threaded build.

• gh-135496: Fix typo in the f-string conversion type error (“exclamanation” -> “exclamation”).

• gh-130077: Properly raise custom syntax errors when incorrect syntax containing names that are prefixes of soft keywords is encountered. Patch by Pablo Galindo.

• gh-135148: Fixed a bug where f-string debug expressions (using =) would incorrectly strip out parts of strings containing escaped quotes and # characters. Patch by Pablo Galindo.

• gh-133136: Limit excess memory usage in the free threading build when a large dictionary or list is resized and accessed by multiple threads.

• gh-132617: Fix dict.update() modification check that could incorrectly raise a “dict mutated during update” error when a different dictionary was modified that happens to share the same underlying keys object.

• gh-91153: Fix a crash when a bytearray is concurrently mutated during item assignment.

• gh-127971: Fix off-by-one read beyond the end of a string in string search.

• gh-125723: Fix crash with gi_frame.f_locals when generator frames outlive their generator. Patch by Mikhail Efimov.

Build

• gh-135497: Fix the detection of MAXLOGNAME in the configure.ac script.

Python 3.13.5 final

Release date: 2025-06-11

Windows

• gh-135151: Avoid distributing modified pyconfig.h in the traditional installer. Extension module builds must always specify Py_GIL_DISABLED when targeting the free-threaded runtime.

Tests

• gh-135120: Add test.support.subTests().

Library

• gh-133967: Do not normalize locale name ‘C.UTF-8’ to ‘en_US.UTF-8’.

• gh-135326: Restore support of integer-like objects with __index__() in random.getrandbits().

• gh-135321: Raise a correct exception for values greater than 0x7fffffff for the BINSTRING opcode in the C implementation of pickle.

• gh-135276: Backported bugfixes in zipfile.Path from zipp 3.23. Fixed .name, .stem and other basename-based properties on Windows when working with a zipfile on disk.

• gh-134151: email: Fix TypeError in email.utils.decode_params() when sorting RFC 2231 continuations that contain an unnumbered section.

• gh-134152: email: Fix parsing of email message ID with invalid domain.

• gh-127081: Fix libc thread safety issues with os by replacing getlogin with getlogin_r re-entrant version.

• gh-131884: Fix formatting issues in json.dump() when both indent and skipkeys are used.

Core and Builtins

• gh-135171: Roll back changes to generator and list comprehensions that went into 3.13.4 to fix gh-127682, but which involved semantic and bytecode changes not appropriate for a bugfix release.

C API

• gh-134989: Fix Py_RETURN_NONE, Py_RETURN_TRUE and Py_RETURN_FALSE macros in the limited C API 3.11 and older: don’t treat Py_None, Py_True and Py_False as immortal. Patch by Victor Stinner.

• gh-134989: Implement PyObject_DelAttr() and PyObject_DelAttrString() as macros in the limited C API 3.12 and older. Patch by Victor Stinner.

Python 3.13.4 final

Release date: 2025-06-03

Windows

• gh-130727: Fix a race in internal calls into WMI that can result in an “invalid handle” exception under high load. Patch by Chris Eibl.

• gh-76023: Make os.path.realpath() ignore Windows error 1005 when in non-strict mode.

• gh-133626: Ensures packages are not accidentally bundled into the traditional installer.

• gh-133512: Add warnings to Python Launcher for Windows about use of subcommands belonging to the Python install manager.

Tests

• gh-133744: Fix multiprocessing interrupt test. Add an event to synchronize the parent process with the child process: wait until the child process starts sleeping. Patch by Victor Stinner.

• gh-133639: Fix TestPyReplAutoindent.test_auto_indent_default() doesn’t run input_code.

• gh-133131: The iOS testbed will now select the most recently released “SE-class” device for testing if a device isn’t explicitly specified.

• gh-109981: The test helper that counts the list of open file descriptors now uses the optimised /dev/fd approach on all Apple platforms, not just macOS. This avoids crashes caused by guarded file descriptors.

Security

• gh-135034: Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links.

  Addresses CVE 2024-12718, CVE 2025-4138, CVE 2025-4330, and CVE 2025-4517.

• gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-“strict” error handler.

• gh-128840: Short-circuit the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service.

Library

• gh-134718: ast.dump() now only omits None and [] values if they are default values.

• gh-128840: Fix parsing long IPv6 addresses with embedded IPv4 address.

• gh-134696: Built-in HACL* and OpenSSL implementations of hash function constructors now correctly accept the same documented named arguments. For instance, md5() could be previously invoked as md5(data=data) or md5(string=string) depending on the underlying implementation but these calls were not compatible. Patch by Bénédikt Tran.

• gh-134210: curses.window.getch() now correctly handles signals. Patch by Bénédikt Tran.

• gh-80334: multiprocessing.freeze_support() now checks for work on any “spawn” start method platform rather than only on Windows.

• gh-114177: Fix asyncio to not close subprocess pipes which would otherwise error out when the event loop is already closed.

• gh-134152: Fixed UnboundLocalError that could occur during email header parsing if an expected trailing delimiter is missing in some contexts.

• gh-62184: Remove import of C implementation of io.FileIO from Python implementation which has its own implementation

• gh-133982: Emit RuntimeWarning in the Python implementation of io when the file-like object is not closed explicitly in the presence of multiple I/O layers.

• gh-133890: The tarfile module now handles UnicodeEncodeError in the same way as OSError when cannot extract a member.

• gh-134097: Fix interaction of the new REPL and -X showrefcount command line option.

• gh-133889: The generated directory listing page in http.server.SimpleHTTPRequestHandler now only shows the decoded path component of the requested URL, and not the query and fragment.

• gh-134098: Fix handling paths that end with a percent-encoded slash (%2f or %2F) in http.server.SimpleHTTPRequestHandler.

• gh-134062: ipaddress: fix collisions in __hash__() for IPv4Network and IPv6Network objects.

• gh-133745: In 3.13.3 we accidentally changed the signature of the asyncio create_task() family of methods and how it calls a custom task factory in a backwards incompatible way. Since some 3rd party libraries have already made changes to work around the issue that might break if we simply reverted the changes, we’re instead changing things to be backwards compatible with 3.13.2 while still supporting those workarounds for 3.13.3. In particular, the special-casing of name and context is back (until 3.14) and consequently eager tasks may still find that their name hasn’t been set before they execute their first yielding await.

• gh-71253: Raise ValueError in open() if opener returns a negative file-descriptor in the Python implementation of io to match the C implementation.

• gh-77057: Fix handling of invalid markup declarations in html.parser.HTMLParser.

• gh-133489: random.getrandbits() can now generate more that 2³¹ bits. random.randbytes() can now generate more that 256 MiB.

• gh-133290: Fix attribute caching issue when setting ctypes._Pointer._type_ in the undocumented and deprecated ctypes.SetPointerType() function and the undocumented set_type() method.

• gh-132876: ldexp() on Windows doesn’t round subnormal results before Windows 11, but should. Python’s math.ldexp() wrapper now does round them, so results may change slightly, in rare cases of very small results, on Windows versions before 11.

• gh-133089: Use original timeout value for subprocess.TimeoutExpired when the func subprocess.run() is called with a timeout instead of sometimes a confusing partial remaining time out value used internally on the final wait().

• gh-133009: xml.etree.ElementTree: Fix a crash in Element.__deepcopy__ when the element is concurrently mutated. Patch by Bénédikt Tran.

• gh-132995: Bump the version of pip bundled in ensurepip to version 25.1.1

• gh-132017: Fix error when pyrepl is suspended, then resumed and terminated.

• gh-132673: Fix a crash when using _align_ = 0 and _fields_ = [] in a ctypes.Structure.

• gh-132527: Include the valid typecode ‘w’ in the error message when an invalid typecode is passed to array.array.

• gh-132439: Fix PyREPL on Windows: characters entered via AltGr are swallowed. Patch by Chris Eibl.

• gh-132429: Fix support of Bluetooth sockets on NetBSD and DragonFly BSD.

• gh-132106: QueueListener.start now raises a RuntimeError if the listener is already started.

• gh-132417: Fix a NULL pointer dereference when a C function called using ctypes with restype py_object returns NULL.

• gh-132385: Fix instance error suggestions trigger potential exceptions in object.__getattr__() in traceback.

• gh-132308: A traceback.TracebackException now correctly renders the __context__ and __cause__ attributes from falsey Exception, and the exceptions attribute from falsey ExceptionGroup.

• gh-132250: Fixed the SystemError in cProfile when locating the actual C function of a method raises an exception.

• gh-132063: Prevent exceptions that evaluate as falsey (namely, when their __bool__ method returns False or their __len__ method returns 0) from being ignored by concurrent.futures.ProcessPoolExecutor and concurrent.futures.ThreadPoolExecutor.

• gh-119605: Respect follow_wrapped for __init__() and __new__() methods when getting the class signature for a class with inspect.signature(). Preserve class signature after wrapping with warnings.deprecated(). Patch by Xuehai Pan.

• gh-91555: Ignore log messages generated during handling of log messages, to avoid deadlock or infinite recursion. [NOTE: This change has since been reverted.]

• gh-131434: Improve error reporting for incorrect format in time.strptime().

• gh-131127: Systems using LibreSSL now successfully build.

• gh-130999: Avoid exiting the new REPL and offer suggestions even if there are non-string candidates when errors occur.

• gh-130941: Fix configparser.ConfigParser parsing empty interpolation with allow_no_value set to True.

• gh-129098: Fix REPL traceback reporting when using compile() with an inexisting file. Patch by Bénédikt Tran.

• gh-130631: http.cookiejar.join_header_words() is now more similar to the original Perl version. It now quotes the same set of characters and always quote values that end with "\n".

• gh-129719: Fix missing socket.CAN_RAW_ERR_FILTER constant in the socket module on Linux systems. It was missing since Python 3.11.

• gh-124096: Turn on virtual terminal mode and enable bracketed paste in REPL on Windows console. (If the terminal does not support bracketed paste, enabling it does nothing.)

• gh-122559: Remove __reduce__() and __reduce_ex__() methods that always raise TypeError in the C implementation of io.FileIO, io.BufferedReader, io.BufferedWriter and io.BufferedRandom and replace them with default __getstate__() methods that raise TypeError. This restores fine details of behavior of Python 3.11 and older versions.

• gh-122179: hashlib.file_digest() now raises BlockingIOError when no data is available during non-blocking I/O. Before, it added spurious null bytes to the digest.

• gh-86155: html.parser.HTMLParser.close() no longer loses data when the <script> tag is not closed. Patch by Waylan Limberg.

• gh-69426: Fix html.parser.HTMLParser to not unescape character entities in attribute values if they are followed by an ASCII alphanumeric or an equals sign.

• bpo-44172: Keep a reference to original curses windows in subwindows so that the original window does not get deleted before subwindows.

IDLE

• gh-112936: fix IDLE: no Shell menu item in single-process mode.

Documentation

• gh-107006: Move documentation and example code for threading.local from its docstring to the official docs.

Library

• gh-134908: Fix crash when iterating over lines in a text file on the free threaded build.

Core and Builtins

• gh-127682: No longer call __iter__ twice in list comprehensions. This brings the behavior of list comprehensions in line with other forms of iteration

Library

• gh-134381: Fix RuntimeError when using a not-started threading.Thread after calling os.fork()

Core and Builtins

• gh-128066: Fixes an edge case where PyREPL improperly threw an error when Python is invoked on a read only filesystem while trying to write history file entries.

• gh-134100: Fix a use-after-free bug that occurs when an imported module isn’t in sys.modules after its initial import. Patch by Nico-Posada.

• gh-133703: Fix hashtable in dict can be bigger than intended in some situations.

• gh-132869: Fix crash in the free threading build when accessing an object attribute that may be concurrently inserted or deleted.

• gh-132762: fromkeys() no longer loops forever when adding a small set of keys to a large base dict. Patch by Angela Liss.

• gh-133543: Fix a possible memory leak that could occur when directly accessing instance dictionaries (__dict__) that later become part of a reference cycle.

• gh-133516: Raise ValueError when constants True, False or None are used as an identifier after NFKC normalization.

• gh-133441: Fix crash upon setting an attribute with a dict subclass. Patch by Victor Stinner.

• gh-132942: Fix two races in the type lookup cache. This affected the free-threaded build and could cause crashes (apparently quite difficult to trigger).

• gh-132713: Fix repr(list) race condition: hold a strong reference to the item while calling repr(item). Patch by Victor Stinner.

• gh-132747: Fix a crash when calling __get__() of a method with a None second argument.

• gh-132542: Update Thread.native_id after fork(2) to ensure accuracy. Patch by Noam Cohen.

• gh-124476: Fix decoding from the locale encoding in the C.UTF-8 locale.

• gh-131927: Compiler warnings originating from the same module and line number are now only emitted once, matching the behaviour of warnings emitted from user code. This can also be configured with warnings filters.

• gh-127682: No longer call __iter__ twice when creating and executing a generator expression. Creating a generator expression from a non-interable will raise only when the generator expression is executed. This brings the behavior of generator expressions in line with other generators.

• gh-131878: Handle uncaught exceptions in the main input loop for the new REPL.

• gh-131878: Fix support of unicode characters with two or more codepoints on Windows in the new REPL.

• gh-130804: Fix support of unicode characters on Windows in the new REPL.

• gh-130070: Fixed an assertion error for exec() passed a string source and a non-None closure. Patch by Bartosz Sławecki.

• gh-129958: Fix a bug that was allowing newlines inconsitently in format specifiers for single-quoted f-strings. Patch by Pablo Galindo.

C API

• gh-132909: Fix an overflow when handling the K format in Py_BuildValue(). Patch by Bénédikt Tran.

Build

• gh-134923: Windows builds with profile-guided optimization enabled now use /GENPROFILE and /USEPROFILE instead of deprecated /LTCG: options.

• gh-133183: iOS compiler shims now include IPHONEOS_DEPLOYMENT_TARGET in target triples, ensuring that SDK version minimums are honored.

• gh-133167: Fix compilation process with --enable-optimizations and --without-docstrings.

• gh-132649: The PClayout script now allows passing --include-tcltk on Windows ARM64.

• gh-117088: AIX linker don’t support -h option, so avoid it through platform check

• gh-132026: Fix use of undefined identifiers in platform triplet detection on MIPS Linux platforms.

Python 3.13.3 final

Release date: 2025-04-08

macOS

• gh-124111: Update macOS installer to use Tcl/Tk 8.6.16.

• gh-131423: Update macOS installer to use OpenSSL 3.0.16. Patch by Bénédikt Tran.

• gh-131025: Update macOS installer to ship with SQLite 3.49.1.

• gh-91132: Update macOS installer to use ncurses 6.5.

Windows

• gh-131423: Update bundled version of OpenSSL to 3.0.16. The new build also disables uplink support, which may be relevant to embedders but has no impact on normal use.

• gh-131025: Update Windows installer to ship with SQLite 3.49.1.

• gh-131020: pylauncher correctly detects a BOM when searching for the shebang. Fix by Chris Eibl.

Tools/Demos

• gh-131852: msgfmt no longer adds the POT-Creation-Date to generated .mo files for consistency with GNU msgfmt.

• gh-85012: Correctly reset msgctxt when compiling messages in msgfmt.

• gh-130025: The iOS testbed now correctly handles symlinks used as Python framework references.

Tests

• gh-131050: test_ssl.test_dh_params is skipped if the underlying TLS library does not support finite-field ephemeral Diffie-Hellman.

• gh-129200: Multiple iOS testbed runners can now be started at the same time without introducing an ambiguity over simulator ownership.

• gh-130292: The iOS testbed will now run successfully on a machine that has not previously run Xcode tests (such as CI configurations).

• gh-130293: The tests of terminal colorization are no longer sensitive to the value of the TERM variable in the testing environment.

• gh-126332: Add unit tests for pyrepl.

Security

• gh-131809: Update bundled libexpat to 2.7.1

• gh-131261: Upgrade to libexpat 2.7.0

• gh-127371: Avoid unbounded buffering for tempfile.SpooledTemporaryFile.writelines(). Previously, disk spillover was only checked after the lines iterator had been exhausted. This is now done after each line is written.

• gh-121284: Fix bug in the folding of rfc2047 encoded-words when flattening an email message using a modern email policy. Previously when an encoded-word was too long for a line, it would be decoded, split across lines, and re-encoded. But commas and other special characters in the original text could be left unencoded and unquoted. This could theoretically be used to spoof header lines using a carefully constructed encoded-word if the resulting rendered email was transmitted or re-parsed.

Library

• gh-132174: Fix function name in error message of _interpreters.run_string.

• gh-132171: Fix crash of _interpreters.run_string on string subclasses.

• gh-129204: Introduce new _PYTHON_SUBPROCESS_USE_POSIX_SPAWN environment variable knob in subprocess to control the use of os.posix_spawn().

• gh-132159: Do not shadow user arguments in generated __new__() by decorator warnings.deprecated. Patch by Xuehai Pan.

• gh-132075: Fix possible use of socket address structures with uninitialized members. Now all structure members are initialized with zeroes by default.

• gh-132002: Fix crash when deallocating contextvars.ContextVar with weird unahashable string names.

• gh-131668: socket: Fix code parsing AF_BLUETOOTH socket addresses.

• gh-131492: Fix a resource leak when constructing a gzip.GzipFile with a filename fails, for example when passing an invalid compresslevel.

• gh-131325: Fix sendfile fallback implementation to drain data after writing to transport in asyncio.

• gh-129843: Fix incorrect argument passing in warnings.warn_explicit().

• gh-131204: Use monospace font from System Font Stack for cross-platform support in difflib.HtmlDiff.

• gh-130940: The PyConfig.use_system_logger attribute, introduced in Python 3.13.2, has been removed. The introduction of this attribute inadvertently introduced an ABI breakage on macOS and iOS. The use of the system logger is now enabled by default on iOS, and disabled by default on macOS.

• gh-131045: Fix issue with __contains__, values, and pseudo-members for enum.Flag.

• gh-130959: Fix pure-Python implementation of datetime.time.fromisoformat() to reject times with spaces in fractional part (for example, 12:34:56.400 +02:00), matching the C implementation. Patch by Michał Gorny.

• gh-130637: Add validation for numeric response data in poplib.POP3.stat() method

• gh-130461: Remove .. index:: directives from the uuid module documentation. These directives previously created entries in the general index for getnode() as well as the uuid1(), uuid3(), uuid4(), and uuid5() constructor functions.

• gh-130379: The zipapp module now calculates the list of files to be added to the archive before creating the archive. This avoids accidentally including the target when it is being created in the source directory.

• gh-130285: Fix corner case for random.sample() allowing the counts parameter to specify an empty population. So now, sample([], 0, counts=[]) and sample('abc', k=0, counts=[0, 0, 0]) both give the same result as sample([], 0).

• gh-130250: Fix regression in traceback.print_last().

• gh-130230: Fix crash in pow() with only Decimal third argument.

• gh-118761: Reverts a change in the previous release attempting to make some stdlib imports used within the subprocess module lazy as this was causing errors during __del__ finalizers calling methods such as terminate, or kill, or send_signal.

• gh-130164: Fixed failure to raise TypeError in inspect.Signature.bind() for positional-only arguments provided by keyword when a variadic keyword argument (e.g. **kwargs) is present.

• gh-130151: Fix reference leaks in _hashlib.hmac_new() and _hashlib.hmac_digest(). Patch by Bénédikt Tran.

• gh-130145: Fix asyncio.AbstractEventloop.run_forever() when another loop is already running.

• gh-129726: Fix gzip.GzipFile raising an unraisable exception during garbage collection when referring to a temporary object by breaking the reference loop with weakref.

• gh-127750: Remove broken functools.singledispatchmethod() caching introduced in gh-85160.

• gh-129583: Update bundled pip to 25.0.1

• gh-97850: Update the deprecation warning of importlib.abc.Loader.load_module().

• gh-129646: Update the locale alias mapping in the locale module to match the latest X Org locale alias mapping and support new locales in Glibc 2.41.

• gh-129603: Fix bugs where sqlite3.Row objects could segfault if their inherited description was set to None. Patch by Erlend Aasland.

• gh-128231: Execution of multiple statements in the new REPL now stops immediately upon the first exception encountered. Patch by Bartosz Sławecki.

• gh-117779: Fix reading duplicated entries in zipfile by name. Reading duplicated entries (except the last one) by ZipInfo now emits a warning instead of raising an exception.

• gh-128772: Fix pydoc for methods with the __module__ attribute equal to None.

• gh-92897: Scheduled the deprecation of the check_home argument of sysconfig.is_python_build() to Python 3.15.

• gh-128657: Fix possible extra reference when using objects returned by hashlib.sha256() under free threading.

• gh-128703: Fix mimetypes.guess_type() to use default mapping for empty Content-Type in registry.

• gh-128308: Support the name keyword argument for eager tasks in asyncio.loop.create_task(), asyncio.create_task() and asyncio.TaskGroup.create_task(), by passing on all kwargs to the task factory set by asyncio.loop.set_task_factory().

• gh-128388: Fix PyREPL on Windows to support more keybindings, like the Control-← and Control-→ word-skipping keybindings and those with meta (i.e. Alt), e.g. Alt-d to kill-word or Alt-Backspace backward-kill-word.

• gh-126037: xml.etree.ElementTree: Fix a crash in Element.find, Element.findtext and Element.findall when the tag to find implements an __eq__() method mutating the element being queried. Patch by Bénédikt Tran.

• gh-127712: Fix handling of the secure argument of logging.handlers.SMTPHandler.

• gh-126033: xml.etree.ElementTree: Fix a crash in Element.remove when the element is concurrently mutated. Patch by Bénédikt Tran.

• gh-118201: Fixed intermittent failures of os.confstr, os.pathconf and os.sysconf on iOS and Android.

• gh-124927: Non-printing characters are now properly handled in the new REPL.

IDLE

• gh-129873: Simplify displaying the IDLE doc by only copying the text section of idle.html to idlelib/help.html. Patch by Stan Ulbrych.

Documentation

• gh-131417: Mention asyncio.Future and asyncio.Task in generic classes list.

• gh-125722: Require Sphinx 8.2.0 or later to build the Python documentation. Patch by Adam Turner.

• gh-129712: The wheel tags supported by each macOS universal SDK option are now documented.

• gh-46236: C API: Document PyUnicode_RSplit(), PyUnicode_Partition() and PyUnicode_RPartition().

Core and Builtins

• gh-132011: Fix crash when calling list.append() as an unbound method.

• gh-131998: Fix a crash when using an unbound method descriptor object in a function where a bound method descriptor was used.

• gh-131988: Fix a performance regression that caused scaling bottlenecks in the free threaded build in 3.13.1 and 3.13.2.

• gh-131719: Fix missing NULL check in _PyMem_FreeDelayed in free-threaded build.

• gh-131670: Fix anext() failing on sync __anext__() raising an exception.

• gh-131141: Fix data race in sys.monitoring instrumentation while registering callback.

• gh-130932: Fix incorrect exception handling in _PyModule_IsPossiblyShadowing

• gh-130851: Fix a crash in the free threading build when constructing a code object with co_consts that contains instances of types that are not otherwise generated by the bytecode compiler.

• gh-130794: Fix memory leak in the free threaded build when resizing a shared list or dictionary from multiple short-lived threads.

• gh-130775: Do not crash on negative column and end_column in ast locations.

• gh-130382: Fix PyRefTracer_DESTROY not being sent from Python/ceval.c Py_DECREF().

• gh-130618: Fix a bug that was causing UnicodeDecodeError or SystemError to be raised when using f-strings with lambda expressions with non-ASCII characters. Patch by Pablo Galindo

• gh-130163: Fix possible crashes related to concurrent change and use of the sys module attributes.

• gh-88887: Fixing multiprocessing Resource Tracker process leaking, usually observed when running Python as PID 1.

• gh-130115: Fix an issue with thread identifiers being sign-extended on some platforms.

• gh-128396: Fix a crash that occurs when calling locals() inside an inline comprehension that uses the same local variable as the outer frame scope where the variable is a free or cell var.

• gh-116042: Fix location for SyntaxErrors of invalid escapes in the tokenizer. Patch by Pablo Galindo

Library

• gh-129983: Fix data race in compile_template in sre.c.

Core and Builtins

• gh-129967: Fix a race condition in the free threading build when repr(set) is called concurrently with set.clear().

• gh-129900: Fix return codes inside SystemExit not getting returned by the REPL.

• gh-129732: Fixed a race in _Py_qsbr_reserve in the free threading build.

• gh-129643: Fix thread safety of PyList_Insert() in free-threading builds.

• gh-129668: Fix race condition when raising MemoryError in the free threaded build.

• gh-129643: Fix thread safety of PyList_SetItem() in free-threading builds. Patch by Kumar Aditya.

• gh-128714: Fix the potential races in get/set dunder methods __annotations__, __annotate__ and __type_params__ for function object, and add related tests.

• gh-128632: Disallow __classdict__ as the name of a type parameter. Using this name would previously crash the interpreter in some circumstances.

• gh-127953: The time to handle a LINE event in sys.monitoring (and sys.settrace) is now independent of the number of lines in the code object.

• gh-125331: from __future__ import barry_as_FLUFL now works in more contexts, including when it is used in files, with the -c flag, and in the REPL when there are multiple statements on the same line. Previously, it worked only on subsequent lines in the REPL, and when the appropriate flags were passed directly to compile(). Patch by Pablo Galindo.

C API

• gh-131740: Update PyUnstable_GC_VisitObjects to traverse perm gen.

• gh-129533: Update PyGC_Enable(), PyGC_Disable(), PyGC_IsEnabled() to use atomic operation for thread-safety at free-threading build. Patch by Donghee Na.

Build

• gh-131865: The DTrace build now properly passes the CC and CFLAGS variables to the dtrace command when utilizing SystemTap on Linux.

• gh-131675: Fix mimalloc library builds for 32-bit ARM targets.

• gh-130673: Fix potential KeyError when handling object sections during JIT building process.

• gh-130740: Ensure that Python.h is included before stdbool.h unless pyconfig.h is included before or in some platform-specific contexts.

• gh-129838: Don’t redefine _Py_NO_SANITIZE_UNDEFINED when compiling with a recent GCC version and undefined sanitizer enabled.

• gh-129660: Drop test_embed from PGO training, whose contribution in recent versions is considered to be ignorable.

Python 3.13.2 final

Release date: 2025-02-04

macOS

• gh-127592: Usage of the unified Apple System Log APIs was disabled when the minimum macOS version is earlier than 10.12.

Windows

• gh-127353: Allow to force color output on Windows using environment variables. Patch by Andrey Efremov.

Tools/Demos

• gh-129248: The iOS test runner now strips the log prefix from each line output by the test suite.

• gh-128152: Fix a bug where Argument Clinic’s C pre-processor parser tried to parse pre-processor directives inside C comments. Patch by Erlend Aasland.

Tests

• gh-127906: Test the limited C API in test_cppext. Patch by Victor Stinner.

• gh-127637: Add tests for the dis command-line interface. Patch by Bénédikt Tran.

• gh-126925: iOS test results are now streamed during test execution, and the deprecated xcresulttool is no longer used.

Security

• gh-105704: When using urllib.parse.urlsplit() and urllib.parse.urlparse() host parsing would not reject domain names containing square brackets ([ and ]). Square brackets are only valid for IPv6 and IPvFuture hosts according to RFC 3986 Section 3.2.2.

• gh-127655: Fixed the asyncio.selector_events._SelectorSocketTransport transport not pausing writes for the protocol when the buffer reaches the high water mark when using asyncio.WriteTransport.writelines().

• gh-126108: Fix a possible NULL pointer dereference in PySys_AddWarnOptionUnicode().

• gh-80222: Fix bug in the folding of quoted strings when flattening an email message using a modern email policy. Previously when a quoted string was folded so that it spanned more than one line, the surrounding quotes and internal escapes would be omitted. This could theoretically be used to spoof header lines using a carefully constructed quoted string if the resulting rendered email was transmitted or re-parsed.

• gh-119511: Fix a potential denial of service in the imaplib module. When connecting to a malicious server, it could cause an arbitrary amount of memory to be allocated. On many systems this is harmless as unused virtual memory is only a mapping, but if this hit a virtual address size limit it could lead to a MemoryError or other process crash. On unusual systems or builds where all allocated memory is touched and backed by actual ram or storage it could’ve consumed resources doing so until similarly crashing.

Library

• gh-129502: Unlikely errors in preparing arguments for ctypes callback are now handled in the same way as errors raised in the callback of in converting the result of the callback – using sys.unraisablehook() instead of sys.excepthook() and not setting sys.last_exc and other variables.

• gh-129403: Corrected ValueError message for asyncio.Barrier and threading.Barrier.

• gh-129409: Fix an integer overflow in the csv module when writing a data field larger than 2GB.

• gh-118761: Improve import time of subprocess by lazy importing locale and signal. Patch by Taneli Hukkinen.

• gh-129346: In sqlite3, handle out-of-memory when creating user-defined SQL functions.

• gh-129061: Fix FORCE_COLOR and NO_COLOR when empty strings. Patch by Hugo van Kemenade.

• gh-128550: Removed an incorrect optimization relating to eager tasks in asyncio.TaskGroup that resulted in cancellations being missed.

• gh-128991: Release the enter frame reference within bdb callback

• gh-128978: Fix a NameError in sysconfig.expand_makefile_vars(). Patch by Bénédikt Tran.

• gh-128961: Fix a crash when setting state on an exhausted array.array iterator.

• gh-128894: Fix traceback.TracebackException._format_syntax_error not to fail on exceptions with custom metadata.

• gh-128916: Do not attempt to set SO_REUSEPORT on sockets of address families other than AF_INET and AF_INET6, as it is meaningless with these address families, and the call with fail with Linux kernel 6.12.9 and newer.

• gh-128679: Fix tracemalloc.stop() race condition. Fix tracemalloc to support calling tracemalloc.stop() in one thread, while another thread is tracing memory allocations. Patch by Victor Stinner.

• gh-128636: Fix PyREPL failure when os.environ is overwritten with an invalid value.

• gh-128562: Fix possible conflicts in generated tkinter widget names if the widget class name ends with a digit.

• gh-128498: Default to stdout isatty for color detection instead of stderr. Patch by Hugo van Kemenade.

• gh-128552: Fix cyclic garbage introduced by asyncio.loop.create_task() and asyncio.TaskGroup.create_task() holding a reference to the created task if it is eager.

• gh-128479: Fix asyncio.staggered.staggered_race() leaking tasks and issuing an unhandled exception.

• gh-128400: Fix crash when using faulthandler.dump_traceback() while other threads are active on the free threaded build.

• gh-88834: Unify the instance check for typing.Union and types.UnionType: Union now uses the instance checks against its parameters instead of the subclass checks.

• gh-128302: Fix xml.dom.xmlbuilder.DOMEntityResolver.resolveEntity(), which was broken by the Python 3.0 transition.

• gh-128302: Allow xml.dom.xmlbuilder.DOMParser.parse() to correctly handle xml.dom.xmlbuilder.DOMInputSource instances that only have a systemId attribute set.

• gh-112064: Fix incorrect handling of negative read sizes in HTTPResponse.read. Patch by Yury Manushkin.

• gh-58956: Fixed a frame reference leak in bdb.

• gh-128131: Completely support random access of uncompressed unencrypted read-only zip files obtained by ZipFile.open.

• gh-112328: enum.EnumDict can now be used without resorting to private API.

• gh-127975: Avoid reusing quote types in ast.unparse() if not needed.

• gh-128062: Revert the font of turtledemo’s menu bar to its default value and display the shortcut keys in the correct position.

• gh-128014: Fix resetting the default window icon by passing default='' to the tkinter method wm_iconbitmap().

• gh-115514: Fix exceptions and incomplete writes after asyncio._SelectorTransport is closed before writes are completed.

• gh-41872: Fix quick extraction of module docstrings from a file in pydoc. It now supports docstrings with single quotes, escape sequences, raw string literals, and other Python syntax.

• gh-127060: Set TERM environment variable to “dumb” to disable traceback colors in IDLE, since IDLE doesn’t understand ANSI escape sequences. Patch by Victor Stinner.

• gh-126742: Fix support of localized error messages reported by dlerror(3) and gdbm_strerror in ctypes and dbm.gnu functions respectively. Patch by Bénédikt Tran.

• gh-127873: When -E is set, only ignore PYTHON_COLORS and not FORCE_COLOR/NO_COLOR/TERM when colourising output. Patch by Hugo van Kemenade.

• gh-127870: Detect recursive calls in ctypes _as_parameter_ handling. Patch by Victor Stinner.

• gh-127847: Fix the position when doing interleaved seeks and reads in uncompressed, unencrypted zip files returned by zipfile.ZipFile.open().

• gh-127732: The platform module now correctly detects Windows Server 2025.

• gh-126821: macOS and iOS apps can now choose to redirect stdout and stderr to the system log during interpreter configuration.

• gh-93312: Include <sys/pidfd.h> to get os.PIDFD_NONBLOCK constant. Patch by Victor Stinner.

• gh-83662: Add missing __class_getitem__ method to the Python implementation of functools.partial(), to make it compatible with the C version. This is mainly relevant for alternative Python implementations like PyPy and GraalPy, because CPython will usually use the C-implementation of that function.

• gh-127586: multiprocessing.pool.Pool now properly restores blocked signal handlers of the parent thread when creating processes via either spawn or forkserver.

• gh-98188: Fix an issue in email.message.Message.get_payload() where data cannot be decoded if the Content Transfer Encoding mechanism contains trailing whitespaces or additional junk text. Patch by Hui Liu.

• gh-127257: In ssl, system call failures that OpenSSL reports using ERR_LIB_SYS are now raised as OSError.

• gh-127096: Do not recreate unnamed section on every read in configparser.ConfigParser. Patch by Andrey Efremov.

• gh-127196: Fix crash when dict with keys in invalid encoding were passed to several functions in _interpreters module.

• gh-126775: Make linecache.checkcache() thread safe and GC re-entrancy safe.

• gh-126332: Fix _pyrepl crash when entering a double CTRL-Z on an overflowing line.

• gh-126225: getopt and optparse are no longer marked as deprecated. There are legitimate reasons to use one of these modules in preference to argparse, and none of these modules are at risk of being removed from the standard library. Of the three, argparse remains the recommended default choice, unless one of the concerns noted at the top of the optparse module documentation applies.

• gh-125553: Fix round-trip invariance for backslash continuations in tokenize.untokenize().

• gh-123987: Fixed issue in NamespaceReader where a non-path item in a namespace path, such as a sentinel added by an editable installer, would break resource loading.

• gh-123401: The http.cookies module now supports parsing obsolete RFC 850 date formats, in accordance with RFC 9110 requirements. Patch by Nano Zheng.

• gh-122431: readline.append_history_file() now raises a ValueError when given a negative value.

• gh-119257: Show tab completions menu below the current line, which results in less janky behaviour, and fixes a cursor movement bug. Patch by Daniel Hollas

Documentation

• gh-125722: Require Sphinx 8.1.3 or later to build the Python documentation. Patch by Adam Turner.

• gh-67206: Document that string.printable is not printable in the POSIX sense. In particular, string.printable.isprintable() returns False. Patch by Bénédikt Tran.

Library

• gh-129345: Fix null pointer dereference in syslog.openlog() when an audit hook raises an exception.

Core and Builtins

• gh-129093: Fix f-strings such as f'{expr=}' sometimes not displaying the full expression when the expression contains !=.

• gh-124363: Treat debug expressions in f-string as raw strings. Patch by Pablo Galindo

• gh-128799: Add frame of except* to traceback when it wraps a naked exception.

• gh-128078: Fix a SystemError when using anext() with a default tuple value. Patch by Bénédikt Tran.

• gh-128717: Fix a crash when setting the recursion limit while other threads are active on the free threaded build.

• gh-128330: Restore terminal control characters on REPL exit.

• gh-128079: Fix a bug where except* does not properly check the return value of an ExceptionGroup’s split() function, leading to a crash in some cases. Now when split() returns an invalid object, except* raises a TypeError with the original raised ExceptionGroup object chained to it.

• gh-128030: Avoid error from calling PyModule_GetFilenameObject on a non-module object when importing a non-existent symbol from a non-module object.

• gh-127903: Objects/unicodeobject.c: fix a crash on DEBUG builds in _copy_characters when there is nothing to copy.

• gh-127599: Fix statistics for increments of object reference counts (in particular, when a reference count was increased by more than 1 in a single operation).

• gh-127651: When raising ImportError for missing symbols in from imports, use __file__ in the error message if __spec__.origin is not a location

• gh-127582: Fix non-thread-safe object resurrection when calling finalizers and watcher callbacks in the free threading build.

• gh-127434: The iOS compiler shims can now accept arguments with spaces.

• gh-127536: Add missing locks around some list assignment operations in the free threading build.

• gh-126862: Fix a possible overflow when a class inherits from an absurd number of super-classes. Reported by Valery Fedorenko. Patch by Bénédikt Tran.

• gh-127349: Fixed the error when resizing terminal in Python REPL. Patch by Semyon Moroz.

• gh-126076: Relocated objects such as tuple, bytes and str objects are properly tracked by tracemalloc and its associated hooks. Patch by Pablo Galindo.

C API

• gh-127791: Fix loss of callbacks after more than one call to PyUnstable_AtExit().

Build

• gh-129539: Don’t redefine EX_OK when the system has the sysexits.h header.

• gh-128472: Skip BOLT optimization of functions using computed gotos, fixing errors on build with LLVM 19.

• gh-123925: Fix building the curses module on platforms with libncurses but without libncursesw.

• gh-128321: Set LIBS instead of LDFLAGS when checking if sqlite3 library functions are available. This fixes the ordering of linked libraries during checks, which was incorrect when using a statically linked libsqlite3.

• gh-127865: Fix build failure on systems without thread-locals support.

Python 3.13.1 final

Release date: 2024-12-03

macOS

• gh-124448: Update bundled Tcl/Tk in macOS installer to 8.6.15.

Windows

• gh-126911: Update credits command output.

• gh-118973: Ensures the experimental free-threaded install includes the _tkinter module. The optional Tcl/Tk component must also be installed in order for the module to work.

• gh-126497: Fixes venv failure due to missing redirector executables in experimental free-threaded installs.

• gh-126074: Removed unnecessary DLLs from Windows embeddable package

• gh-125315: Avoid crashing in platform due to slow WMI calls on some Windows machines.

• gh-126084: Fix venvwlauncher to launch pythonw instead of python so no extra console window is created.

• gh-125842: Fix a SystemError when sys.exit() is called with 0xffffffff on Windows.

• gh-125550: Enable the Python Launcher for Windows to detect Python 3.14 installs from the Windows Store.

• gh-124448: Updated bundled Tcl/Tk to 8.6.15.

Tools/Demos

• gh-126807: Fix extraction warnings in pygettext.py caused by mistaking function definitions for function calls.

• gh-126167: The iOS testbed was modified so that it can be used by third-party projects for testing purposes.

Tests

• gh-126909: Fix test_os extended attribute tests to work on filesystems with 1 KiB xattr size limit.

• gh-125041: Re-enable skipped tests for zlib on the s390x architecture: only skip checks of the compressed bytes, which can be different between zlib’s software implementation and the hardware-accelerated implementation.

• gh-124295: Add translation tests to the argparse module.

Security

• gh-126623: Upgrade libexpat to 2.6.4

• gh-125140: Remove the current directory from sys.path when using PyREPL.

• gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified.

Library

• gh-127321: pdb.set_trace() will not stop at an opcode that does not have an associated line number anymore.

• gh-127303: Publicly expose EXACT_TOKEN_TYPES in token.__all__.

• gh-123967: Fix faulthandler for trampoline frames. If the top-most frame is a trampoline frame, skip it. Patch by Victor Stinner.

• gh-127182: Fix io.StringIO.__setstate__() crash, when None was passed as the first value.

• gh-127217: Fix urllib.request.pathname2url() for paths starting with multiple slashes on Posix.

• gh-127035: Fix shutil.which on Windows. Now it looks at direct match if and only if the command ends with a PATHEXT extension or X_OK is not in mode. Support extensionless files if “.” is in PATHEXT. Support PATHEXT extensions that end with a dot.

• gh-122273: Support PyREPL history on Windows. Patch by devdanzin and Victor Stinner.

• gh-127078: Fix issue where urllib.request.url2pathname() failed to discard an extra slash before a UNC drive in the URL path on Windows.

• gh-126766: Fix issue where urllib.request.url2pathname() failed to discard any ‘localhost’ authority present in the URL.

• gh-127065: Fix crash when calling a operator.methodcaller() instance from multiple threads in the free threading build.

• gh-126997: Fix support of STRING and GLOBAL opcodes with non-ASCII arguments in pickletools. pickletools.dis() now outputs non-ASCII bytes in STRING, BINSTRING and SHORT_BINSTRING arguments as escaped (\xXX).

• gh-126316: grp: Make grp.getgrall() thread-safe by adding a mutex. Patch by Victor Stinner.

• gh-126618: Fix the representation of itertools.count objects when the count value is sys.maxsize.

• gh-85168: Fix issue where urllib.request.url2pathname() and pathname2url() always used UTF-8 when quoting and unquoting file URIs. They now use the filesystem encoding and error handler.

• gh-67877: Fix memory leaks when regular expression matching terminates abruptly, either because of a signal or because memory allocation fails.

• gh-126789: Fixed the values of sysconfig.get_config_vars(), sysconfig.get_paths(), and their siblings when the site initialization happens after sysconfig has built a cache for sysconfig.get_config_vars().

• gh-126188: Update bundled pip to 24.3.1

• gh-126780: Fix os.path.normpath() for drive-relative paths on Windows.

• gh-126766: Fix issue where urllib.request.url2pathname() failed to discard two leading slashes introducing an empty authority section.

• gh-126727: locale.nl_langinfo(locale.ERA) now returns multiple era description segments separated by semicolons. Previously it only returned the first segment on platforms with Glibc.

• gh-126699: Allow collections.abc.AsyncIterator to be a base for Protocols.

• gh-126654: Fix crash when non-dict was passed to several functions in _interpreters module.

• gh-104745: Limit starting a patcher (from unittest.mock.patch() or unittest.mock.patch.object()) more than once without stopping it

• gh-126595: Fix a crash when instantiating itertools.count with an initial count of sys.maxsize on debug builds. Patch by Bénédikt Tran.

• gh-120423: Fix issue where urllib.request.pathname2url() mishandled Windows paths with embedded forward slashes.

• gh-126565: Improve performances of zipfile.Path.open() for non-reading modes.

• gh-126505: Fix bugs in compiling case-insensitive regular expressions with character classes containing non-BMP characters: upper-case non-BMP character did was ignored and the ASCII flag was ignored when matching a character range whose upper bound is beyond the BMP region.

• gh-117378: Fixed the multiprocessing "forkserver" start method forkserver process to correctly inherit the parent’s sys.path during the importing of multiprocessing.set_forkserver_preload() modules in the same manner as sys.path is configured in workers before executing work items.

  This bug caused some forkserver module preloading to silently fail to preload. This manifested as a performance degration in child processes when the sys.path was required due to additional repeated work in every worker.

  It could also have a side effect of "" remaining in sys.path during forkserver preload imports instead of the absolute path from os.getcwd() at multiprocessing import time used in the worker sys.path.

  The sys.path differences between phases in the child process could potentially have caused preload to import incorrect things from the wrong location. We are unaware of that actually having happened in practice.

• gh-125679: The multiprocessing.Lock and multiprocessing.RLock repr values no longer say “unknown” on macOS.

• gh-126476: Raise calendar.IllegalMonthError (now a subclass of IndexError) for calendar.month() when the input month is not correct.

• gh-126489: The Python implementation of pickle no longer calls pickle.Pickler.persistent_id() for the result of persistent_id().

• gh-126313: Fix an issue in curses.napms() when curses.initscr() has not yet been called. Patch by Bénédikt Tran.

• gh-126303: Fix pickling and copying of os.sched_param objects.

• gh-126138: Fix a use-after-free crash on asyncio.Task objects whose underlying coroutine yields an object that implements an evil __getattribute__(). Patch by Nico Posada.

• gh-126220: Fix crash in cProfile.Profile and _lsprof.Profiler when their callbacks were directly called with 0 arguments.

• gh-126212: Fix issue where urllib.request.pathname2url() and url2pathname() removed slashes from Windows DOS drive paths and URLs.

• gh-126223: Raise a UnicodeEncodeError instead of a SystemError upon calling _interpreters.create() with an invalid Unicode character.

• gh-126205: Fix issue where urllib.request.pathname2url() generated URLs beginning with four slashes (rather than two) when given a Windows UNC path.

• gh-126105: Fix a crash in ast when the ast.AST._fields attribute is deleted.

• gh-126106: Fixes a possible NULL pointer dereference in ssl.

• gh-126080: Fix a use-after-free crash on asyncio.Task objects for which the underlying event loop implements an evil __getattribute__(). Reported by Nico-Posada. Patch by Bénédikt Tran.

• gh-126083: Fixed a reference leak in asyncio.Task objects when reinitializing the same object with a non-None context. Patch by Nico Posada.

• gh-125984: Fix use-after-free crashes on asyncio.Future objects for which the underlying event loop implements an evil __getattribute__(). Reported by Nico-Posada. Patch by Bénédikt Tran.

• gh-125969: Fix an out-of-bounds crash when an evil asyncio.loop.call_soon() mutates the length of the internal callbacks list. Patch by Bénédikt Tran.

• gh-125966: Fix a use-after-free crash in asyncio.Future.remove_done_callback(). Patch by Bénédikt Tran.

• gh-125789: Fix possible crash when mutating list of callbacks returned by asyncio.Future._callbacks. It now always returns a new copy in C implementation _asyncio. Patch by Kumar Aditya.

• gh-124452: Fix an issue in email.policy.EmailPolicy.header_source_parse() and email.policy.Compat32.header_source_parse() that introduced spurious leading whitespaces into header values when the header includes a newline character after the header name delimiter (:) and before the value.

• gh-125884: Fixed the bug for pdb where it can’t set breakpoints on functions with certain annotations.

• gh-125355: Fix several bugs in argparse.ArgumentParser.parse_intermixed_args().

  • The parser no longer changes temporarily during parsing.

  • Default values are not processed twice.

  • Required mutually exclusive groups containing positional arguments are now supported.

  • The missing arguments report now includes the names of all required optional and positional arguments.

  • Unknown options can be intermixed with positional arguments in parse_known_intermixed_args().

• gh-125666: Avoid the exiting the interpreter if a null byte is given as input in the new REPL.

• gh-125710: [Enum] fix hashable<->nonhashable comparisons for member values

• gh-125631: Restore ability to set persistent_id and persistent_load attributes of instances of the Pickler and Unpickler classes in the pickle module.

• gh-125378: Fixed the bug in pdb where after a multi-line command, an empty line repeats the first line of the multi-line command, instead of the full command.

• gh-125682: Reject non-ASCII digits in the Python implementation of json.loads() conforming to the JSON specification.

• gh-125660: Reject invalid unicode escapes for Python implementation of json.loads().

• gh-125259: Fix the notes removal logic for errors thrown in enum initialization.

• gh-125590: Allow FrameLocalsProxy to delete and pop if the key is not a fast variable.

• gh-125519: Improve traceback if importlib.reload() is called with an object that is not a module. Patch by Alex Waygood.

• gh-125451: Fix deadlock when concurrent.futures.ProcessPoolExecutor shuts down concurrently with an error when feeding a job to a worker process.

• gh-125422: Fixed the bug where pdb and bdb can step into the bottom caller frame.

• gh-100141: Fixed the bug where pdb will be stuck in an infinite loop when debugging an empty file.

• gh-125115: Fixed a bug in pdb where arguments starting with - can’t be passed to the debugged script.

• gh-53203: Fix time.strptime() for %c, %x and %X formats in many locales that use non-ASCII digits, like Persian, Burmese, Odia and Shan.

• gh-125398: Fix the conversion of the VIRTUAL_ENV path in the activate script in venv when running in Git Bash for Windows.

• gh-125316: Fix using functools.partial() as enum.Enum member. A FutureWarning with suggestion to use enum.member() is now emitted when the partial instance is used as an enum member.

• gh-125245: Fix race condition when importing collections.abc, which could incorrectly return an empty module.

• gh-125243: Fix data race when creating zoneinfo.ZoneInfo objects in the free threading build.

• gh-125254: Fix a bug where ArgumentError includes the incorrect ambiguous option in argparse.

• gh-125235: Keep tkinter TCL paths in venv pointing to base installation on Windows.

• gh-61011: Fix inheritance of nested mutually exclusive groups from parent parser in argparse.ArgumentParser. Previously, all nested mutually exclusive groups lost their connection to the group containing them and were displayed as belonging directly to the parser.

• gh-52551: Fix encoding issues in time.strftime(), the strftime() method of the datetime classes datetime, date and time and formatting of these classes. Characters not encodable in the current locale are now acceptable in the format string. Surrogate pairs and sequence of surrogatescape-encoded bytes are no longer recombinated. Embedded null character no longer terminates the format string.

• gh-125118: Don’t copy arbitrary values to _Bool in the struct module.

• gh-125069: Fix an issue where providing a pathlib.PurePath object as an initializer argument to a second PurePath object with a different parser resulted in arguments to the former object’s initializer being joined by the latter object’s parser.

• gh-125096: If the PYTHON_BASIC_REPL environment variable is set, the site module no longer imports the _pyrepl module. Moreover, the site module now respects -E and -I command line options: ignore PYTHON_BASIC_REPL in this case. Patch by Victor Stinner.

• gh-124969: Fix locale.nl_langinfo(locale.ALT_DIGITS) on platforms with glibc. Now it returns a string consisting of up to 100 semicolon-separated symbols (an empty string in most locales) on all Posix platforms. Previously it only returned the first symbol or an empty string.

• gh-124960: Fix support for the barry_as_FLUFL future flag in the new REPL.

• gh-124984: Fixed thread safety in ssl in the free-threaded build. OpenSSL operations are now protected by a per-object lock.

• gh-124958: Fix refcycles in exceptions raised from asyncio.TaskGroup and the python implementation of asyncio.Future

• gh-53203: Fix time.strptime() for %c and %x formats in many locales: Arabic, Bislama, Breton, Bodo, Kashubian, Chuvash, Estonian, French, Irish, Ge’ez, Gurajati, Manx Gaelic, Hebrew, Hindi, Chhattisgarhi, Haitian Kreyol, Japanese, Kannada, Korean, Marathi, Malay, Norwegian, Nynorsk, Punjabi, Rajasthani, Tok Pisin, Yoruba, Yue Chinese, Yau/Nungon and Chinese.

• gh-124917: Allow calling os.path.exists() and os.path.lexists() with keyword arguments on Windows. Fixes a regression in 3.13.0.

• gh-124653: Fix detection of the minimal Queue API needed by the logging module. Patch by Bénédikt Tran.

• gh-124858: Fix reference cycles left in tracebacks in asyncio.open_connection() when used with happy_eyeballs_delay

• gh-124390: Fixed AssertionError when using asyncio.staggered.staggered_race() with asyncio.eager_task_factory.

• gh-124651: Properly quote template strings in venv activation scripts.

• gh-116850: Fix argparse for namespaces with not directly writable dict (e.g. classes).

• gh-58573: Fix conflicts between abbreviated long options in the parent parser and subparsers in argparse.

• gh-124594: All asyncio REPL prompts run in the same context. Contributed by Bartosz Sławecki.

• gh-61181: Fix support of choices with string value in argparse. Substrings of the specified string no longer considered valid values.

• gh-80259: Fix argparse support of positional arguments with nargs='?', default=argparse.SUPPRESS and specified type.

• gh-120378: Fix a crash related to an integer overflow in curses.resizeterm() and curses.resize_term().

• gh-123884: Fixed bug in itertools.tee() handling of other tee inputs (a tee in a tee). The output now has the promised n independent new iterators. Formerly, the first iterator was identical (not independent) to the input iterator. This would sometimes give surprising results.

• gh-58956: Fixed a bug in pdb where sometimes the breakpoint won’t trigger if it was set on a function which is already in the call stack.

• gh-124345: argparse vim supports abbreviated single-dash long options separated by = from its value.

• gh-104860: Fix disallowing abbreviation of single-dash long options in argparse with allow_abbrev=False.

• gh-63143: Fix parsing mutually exclusive arguments in argparse. Arguments with the value identical to the default value (e.g. booleans, small integers, empty or 1-character strings) are no longer considered “not present”.

• gh-72795: Positional arguments with nargs equal to '*' or argparse.REMAINDER are no longer required. This allows to use positional argument with nargs='*' and without default in mutually exclusive group and improves error message about required arguments.

• gh-59317: Fix parsing positional argument with nargs equal to '?' or '*' if it is preceded by an option and another positional argument.

• gh-53780: argparse now ignores the first "--" (double dash) between an option and command.

• gh-124217: Add RFC 9637 reserved IPv6 block 3fff::/20 in ipaddress module.

• gh-81691: Fix handling of multiple "--" (double dashes) in argparse. Only the first one has now been removed, all subsequent ones are now taken literally.

• gh-123978: Remove broken time.thread_time() and time.thread_time_ns() on NetBSD.

• gh-124008: Fix possible crash (in debug build), incorrect output or returning incorrect value from raw binary write() when writing to console on Windows.

• gh-123935: Fix parent slots detection for dataclasses that inherit from classes with __dictoffset__.

• gh-122765: Fix unbalanced quote errors occurring when activate.csh in venv was sourced with a custom prompt containing unpaired quotes or newlines.

• gh-123370: Fix the canvas not clearing after running turtledemo clock.

• gh-116810: Resolve a memory leak introduced in CPython 3.10’s ssl when the ssl.SSLSocket.session property was accessed. Speeds up read and write access to said property by no longer unnecessarily cloning session objects via serialization.

• gh-120754: Update unbounded read calls in zipfile to specify an explicit size putting a limit on how much data they may read. This also updates handling around ZIP max comment size to match the standard instead of reading comments that are one byte too long.

• gh-70764: Fixed an issue where inspect.getclosurevars() would incorrectly classify an attribute name as a global variable when the name exists both as an attribute name and a global variable.

• gh-118289: posixpath.realpath() now raises NotADirectoryError when strict mode is enabled and a non-directory path with a trailing slash is supplied.

• gh-119826: Always return an absolute path for os.path.abspath() on Windows.

• gh-117766: Always use str() to print choices in argparse.

• gh-101955: Fix SystemError when match regular expression pattern containing some combination of possessive quantifier, alternative and capture group.

• gh-88110: Fixed multiprocessing.Process reporting a .exitcode of 1 even on success when using the "fork" start method while using a concurrent.futures.ThreadPoolExecutor.

• gh-71936: Fix a race condition in multiprocessing.pool.Pool.

• bpo-46128: Strip unittest.IsolatedAsyncioTestCase stack frames from reported stacktraces.

• bpo-14074: Fix argparse metavar processing to allow positional arguments to have a tuple metavar.

IDLE

• gh-122392: Increase currently inadequate vertical spacing for the IDLE browsers (path, module, and stack) on high-resolution monitors.

Documentation

• gh-126622: Added stub pages for removed modules explaining their removal, where to find replacements, and linking to the last Python version that supported them. Contributed by Ned Batchelder.

• gh-125277: Require Sphinx 7.2.6 or later to build the Python documentation. Patch by Adam Turner.

• gh-124872: Added definitions for context, current context, and context management protocol, updated related definitions to be consistent, and expanded the documentation for contextvars.Context.

• gh-125018: The importlib.metadata documentation now includes semantic cross-reference targets for the significant documented APIs. This means intersphinx references like importlib.metadata.version() will now work as expected.

• gh-70870: Clarified the dual usage of the term “free variable” (both the formal meaning of any reference to names defined outside the local scope, and the narrower pragmatic meaning of nonlocal variables named in co_freevars).

• gh-121277: Writers of CPython’s documentation can now use next as the version for the versionchanged, versionadded, deprecated directives.

• gh-60712: Include the object type in the lists of documented types. Change by Furkan Onder and Martin Panter.

• bpo-34008: The Py_Main() documentation moved from the “Very High Level API” section to the “Initialization and Finalization” section.

  Also make it explicit that we expect Py_Main to typically be called instead of Py_Initialize rather than after it (since Py_Main makes its own call to Py_Initialize). Document that calling both is supported but is version dependent on which settings will be applied correctly.

Core and Builtins

• gh-113841: Fix possible undefined behavior division by zero in complex’s _Py_c_pow().

• gh-127020: Fix a crash in the free threading build when PyCode_GetCode(), PyCode_GetVarnames(), PyCode_GetCellvars(), or PyCode_GetFreevars() were called from multiple threads at the same time.

• gh-126980: Fix __buffer__() of bytearray crashing when READ or WRITE are passed as flags.

• gh-126881: Fix crash in finalization of dtoa state. Patch by Kumar Aditya.

• gh-126341: Now ValueError is raised instead of SystemError when trying to iterate over a released memoryview object.

• gh-126688: Fix a crash when calling os.fork() on some operating systems, including SerenityOS.

Library

• gh-126066: Fix importlib to not write an incomplete .pyc files when a ulimit or some other operating system mechanism is preventing the write to go through fully.

Core and Builtins

• gh-126312: Fix crash during garbage collection on an object frozen by gc.freeze() on the free-threaded build.

• gh-126139: Provide better error location when attempting to use a future statement with an unknown future feature.

• gh-126018: Fix a crash in sys.audit() when passing a non-string as first argument and Python was compiled in debug mode.

• gh-125942: On Android, the errors setting of sys.stdout was changed from surrogateescape to backslashreplace.

• gh-125859: Fix a crash in the free threading build when gc.get_objects() or gc.get_referrers() is called during an in-progress garbage collection.