Python 3.14.2 and 3.13.11: Emergency Releases Address Regressions and Security Vulnerabilities

From Bioinfa, the free encyclopedia of technology

Python 3.14.2: Key Bugfixes and Enhancements

Just days after the previous maintenance update, the Python development team has released version 3.14.2 as an expedited patch to resolve several critical regressions discovered in the 3.14 series. This second maintenance release of Python 3.14 includes 18 bugfixes, build improvements, and documentation changes since 3.14.1. The urgency of this release stems from four notable regressions that affected core functionality, along with two important security fixes.

Regressions Fixed in 3.14.2

  • gh-142206: Exceptions in multiprocessing that disrupted running programs during Python upgrades. This fix ensures seamless compatibility when upgrading Python in active environments.
  • gh-142214: Exceptions in dataclasses that lacked an __init__ method, causing crashes in class definitions relying on default constructors.
  • gh-142218: Segmentation faults and assertion failures in the insertdict function, a core dictionary operation. This patch stabilizes dictionary insertions under certain edge conditions.
  • gh-140797: Crashes when using multiple capturing groups in re.Scanner, a regular expression scanning tool. This fix restores reliability for complex pattern matching.

Security Enhancements in 3.14.2

  • gh-142145: Removal of quadratic behavior in node ID cache clearing (CVE-2025-12084). This vulnerability could lead to denial of service via excessive memory consumption. The fix optimizes cache management to prevent performance degradation.
  • gh-119452: Fix for a potential virtual memory allocation denial of service in http.server. This patch mitigates attacks that could exhaust system memory through malformed requests.

For a complete list of changes, refer to the Python 3.14.2 release page.

Python 3.13.11: Stability and Security Improvements

Alongside the 3.14.2 release, the team also published Python 3.13.11, an expedited maintenance update for the 3.13 branch. This is the eleventh maintenance release of Python 3.13 and focuses on fixing regressions that occurred between recent updates, as well as addressing security vulnerabilities similar to those in 3.14.2.

Regressions Fixed in 3.13.11

  • gh-142206: Exceptions in multiprocessing encountered when Python is upgraded while programs are running.
  • gh-142218: Segmentation faults and assertion failures in insertdict, affecting dictionary operations.
  • gh-140797: Crashes triggered by multiple capturing groups in re.Scanner.

Note that the regression related to dataclasses (gh-142214) was not present in 3.13, so it does not appear in this release.

Security Enhancements in 3.13.11

  • gh-142145: Same as in 3.14.2 – removal of quadratic behavior in node ID cache clearing (CVE-2025-12084). This security fix applies to all supported Python versions.
  • gh-119451: Fix for a potential denial of service in http.client, addressing a vulnerability that could crash applications making HTTP requests.
  • gh-119452: Fix for a potential virtual memory allocation denial of service in http.server, ensuring the HTTP server cannot exhaust system resources.

Upgrading Your Python Installation

Given the expedited nature of these releases, all Python users are strongly encouraged to upgrade to 3.14.2 or 3.13.11 depending on their branch preference. The fixes target real-world issues that can cause unexpected crashes, segmentation faults, and security risks. Upgrading is straightforward: download the appropriate installer from the official Python downloads page or use a package manager like pip via your operating system’s package repositories.
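
To see which interpreters still need these releases, the following added example (not part of the original article or of CPython) compares version strings against the patched versions and security fixes listed above. The function names and the sample inventory are assumptions made for illustration; branches for which the article gives no fixed version are reported as not covered.

```python
import platform
import re

# Patched release per branch and the security fixes it carries, as listed in the article.
PATCHED = {
    (3, 14): ((3, 14, 2), ["gh-142145 (CVE-2025-12084)", "gh-119452"]),
    (3, 13): ((3, 13, 11), ["gh-142145 (CVE-2025-12084)", "gh-119451", "gh-119452"]),
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)((?:a|b|rc)\d+)?")


def parse_version(text):
    """Turn 'Python 3.13.9' or '3.14.0rc2' into ((3, 13, 9), is_prerelease)."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no Python version found in {text!r}")
    return tuple(int(part) for part in match.group(1, 2, 3)), match.group(4) is not None


def audit(version_text):
    """Return (status, missing_security_fixes) for one interpreter version string."""
    release, prerelease = parse_version(version_text)
    entry = PATCHED.get(release[:2])
    if entry is None:
        # The article gives no fixed version for other branches, so do not guess.
        return "not-covered", []
    fixed_in, fixes = entry
    # Compare as integer tuples: as strings, "3.13.9" would sort after "3.13.11".
    if release < fixed_in or (release == fixed_in and prerelease):
        return "upgrade", list(fixes)
    return "ok", []


def audit_inventory(inventory):
    """Map each host to its audit result; inventory maps host -> `python3 --version` output."""
    return {host: audit(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts), plus the running interpreter.
    sample = {
        "build-01": "Python 3.14.1",
        "web-02": "Python 3.13.9",
        "batch-03": "Python 3.14.2",
        "legacy-04": "Python 3.12.12",
        "localhost": platform.python_version(),
    }
    for host, (status, missing) in audit_inventory(sample).items():
        print(f"{host:10} {status:12} {', '.join(missing)}")
```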

Acknowledgments and Community Support

The Python development team thanks all volunteers who contributed to these releases. Their efforts in identifying, reporting, and resolving regressions and security flaws are invaluable. The team also encourages community members to consider supporting the Python Software Foundation through volunteer work or organizational contributions.

These updates were coordinated by the Python release team: Hugo van Kemenade, Thomas Wouters, Ned Deily, Steve Dower, and Łukasz Langa. As always, enjoy the new releases and happy coding!