What’s New In Python 3.9 (original) (raw)

Editor:

Łukasz Langa

This article explains the new features in Python 3.9, compared to 3.8. Python 3.9 was released on October 5, 2020. For full details, see the changelog.

See also

PEP 596 - Python 3.9 Release Schedule

Summary – Release highlights

New syntax features:

New built-in features:

New features in the standard library:

Interpreter improvements:

New library modules:

Release process changes:

You should check for DeprecationWarning in your code

When Python 2.7 was still supported, a lot of functionality in Python 3 was kept for backward compatibility with Python 2.7. With the end of Python 2 support, these backward compatibility layers have been removed, or will be removed soon. Most of them emitted a DeprecationWarning warning for several years. For example, using collections.Mapping instead ofcollections.abc.Mapping emits a DeprecationWarning since Python 3.3, released in 2012.

Test your application with the -W default command-line option to seeDeprecationWarning and PendingDeprecationWarning, or even with-W error to treat them as errors. Warnings Filter can be used to ignore warnings from third-party code.

Python 3.9 is the last version providing those Python 2 backward compatibility layers, to give more time to Python projects maintainers to organize the removal of the Python 2 support and add support for Python 3.9.

Aliases to Abstract Base Classes in the collections module, like collections.Mapping alias tocollections.abc.Mapping, are kept for one last release for backward compatibility. They will be removed from Python 3.10.

More generally, try to run your tests in the Python Development Mode which helps to prepare your code to make it compatible with the next Python version.

Note: a number of pre-existing deprecations were removed in this version of Python as well. Consult the Removed section.

New Features

Dictionary Merge & Update Operators

Merge (|) and update (|=) operators have been added to the built-indict class. Those complement the existing dict.update and{**d1, **d2} methods of merging dictionaries.

Example:

x = {"key1": "value1 from x", "key2": "value2 from x"} y = {"key2": "value2 from y", "key3": "value3 from y"} x | y {'key1': 'value1 from x', 'key2': 'value2 from y', 'key3': 'value3 from y'} y | x {'key2': 'value2 from x', 'key3': 'value3 from y', 'key1': 'value1 from x'}

See PEP 584 for a full description. (Contributed by Brandt Bucher in bpo-36144.)

New String Methods to Remove Prefixes and Suffixes

str.removeprefix(prefix) andstr.removesuffix(suffix) have been added to easily remove an unneeded prefix or a suffix from a string. Correspondingbytes, bytearray, and collections.UserString methods have also been added. See PEP 616 for a full description. (Contributed by Dennis Sweeney inbpo-39939.)

Type Hinting Generics in Standard Collections

In type annotations you can now use built-in collection types such aslist and dict as generic types instead of importing the corresponding capitalized types (e.g. List or Dict) fromtyping. Some other types in the standard library are also now generic, for example queue.Queue.

Example:

def greet_all(names: list[str]) -> None: for name in names: print("Hello", name)

See PEP 585 for more details. (Contributed by Guido van Rossum, Ethan Smith, and Batuhan Taşkaya in bpo-39481.)

New Parser

Python 3.9 uses a new parser, based on PEG instead of LL(1). The new parser’s performance is roughly comparable to that of the old parser, but the PEG formalism is more flexible than LL(1) when it comes to designing new language features. We’ll start using this flexibility in Python 3.10 and later.

The ast module uses the new parser and produces the same AST as the old parser.

In Python 3.10, the old parser will be deleted and so will all functionality that depends on it (primarily the parser module, which has long been deprecated). In Python 3.9 only, you can switch back to the LL(1) parser using a command line switch (-X oldparser) or an environment variable (PYTHONOLDPARSER=1).

See PEP 617 for more details. (Contributed by Guido van Rossum, Pablo Galindo and Lysandros Nikolaou in bpo-40334.)

Other Language Changes

New Modules

zoneinfo

The zoneinfo module brings support for the IANA time zone database to the standard library. It adds zoneinfo.ZoneInfo, a concretedatetime.tzinfo implementation backed by the system’s time zone data.

Example:

from zoneinfo import ZoneInfo from datetime import datetime, timedelta

Daylight saving time

dt = datetime(2020, 10, 31, 12, tzinfo=ZoneInfo("America/Los_Angeles")) print(dt) 2020-10-31 12:00:00-07:00 dt.tzname() 'PDT'

Standard time

dt += timedelta(days=7) print(dt) 2020-11-07 12:00:00-08:00 print(dt.tzname()) PST

As a fall-back source of data for platforms that don’t ship the IANA database, the tzdata module was released as a first-party package – distributed via PyPI and maintained by the CPython core team.

See also

PEP 615 – Support for the IANA Time Zone Database in the Standard Library

PEP written and implemented by Paul Ganssle

graphlib

A new module, graphlib, was added that contains thegraphlib.TopologicalSorter class to offer functionality to perform topological sorting of graphs. (Contributed by Pablo Galindo, Tim Peters and Larry Hastings in bpo-17005.)

Improved Modules

ast

Added the indent option to dump() which allows it to produce a multiline indented output. (Contributed by Serhiy Storchaka in bpo-37995.)

Added ast.unparse() as a function in the ast module that can be used to unparse an ast.AST object and produce a string with code that would produce an equivalent ast.AST object when parsed. (Contributed by Pablo Galindo and Batuhan Taskaya in bpo-38870.)

Added docstrings to AST nodes that contains the ASDL signature used to construct that node. (Contributed by Batuhan Taskaya in bpo-39638.)

asyncio

Due to significant security concerns, the reuse_address parameter ofasyncio.loop.create_datagram_endpoint() is no longer supported. This is because of the behavior of the socket option SO_REUSEADDR in UDP. For more details, see the documentation for loop.create_datagram_endpoint(). (Contributed by Kyle Stanley, Antoine Pitrou, and Yury Selivanov inbpo-37228.)

Added a new coroutine shutdown_default_executor()that schedules a shutdown for the default executor that waits on theThreadPoolExecutor to finish closing. Also,asyncio.run() has been updated to use the new coroutine. (Contributed by Kyle Stanley in bpo-34037.)

Added asyncio.PidfdChildWatcher, a Linux-specific child watcher implementation that polls process file descriptors. (bpo-38692)

Added a new coroutine asyncio.to_thread(). It is mainly used for running IO-bound functions in a separate thread to avoid blocking the event loop, and essentially works as a high-level version ofrun_in_executor() that can directly take keyword arguments. (Contributed by Kyle Stanley and Yury Selivanov in bpo-32309.)

When cancelling the task due to a timeout, asyncio.wait_for() will now wait until the cancellation is complete also in the case when timeout is <= 0, like it does with positive timeouts. (Contributed by Elvis Pranskevichus in bpo-32751.)

asyncio now raises TypeError when calling incompatible methods with an ssl.SSLSocket socket. (Contributed by Ido Michael in bpo-37404.)

compileall

Added new possibility to use hardlinks for duplicated .pyc files: hardlink_dupes parameter and –hardlink-dupes command line option. (Contributed by Lumír ‘Frenzy’ Balhar in bpo-40495.)

Added new options for path manipulation in resulting .pyc files: stripdir, prependdir, limit_sl_dest parameters and -s, -p, -e command line options. Added the possibility to specify the option for an optimization level multiple times. (Contributed by Lumír ‘Frenzy’ Balhar in bpo-38112.)

concurrent.futures

Added a new cancel_futures parameter toconcurrent.futures.Executor.shutdown() that cancels all pending futures which have not started running, instead of waiting for them to complete before shutting down the executor. (Contributed by Kyle Stanley in bpo-39349.)

Removed daemon threads from ThreadPoolExecutorand ProcessPoolExecutor. This improves compatibility with subinterpreters and predictability in their shutdown processes. (Contributed by Kyle Stanley in bpo-39812.)

Workers in ProcessPoolExecutor are now spawned on demand, only when there are no available idle workers to reuse. This optimizes startup overhead and reduces the amount of lost CPU time to idle workers. (Contributed by Kyle Stanley in bpo-39207.)

curses

Added curses.get_escdelay(), curses.set_escdelay(),curses.get_tabsize(), and curses.set_tabsize() functions. (Contributed by Anthony Sottile in bpo-38312.)

datetime

The isocalendar() of datetime.dateand isocalendar() of datetime.datetimemethods now returns a namedtuple() instead of a tuple. (Contributed by Donghee Na in bpo-24416.)

distutils

The upload command now creates SHA2-256 and Blake2b-256 hash digests. It skips MD5 on platforms that block MD5 digest. (Contributed by Christian Heimes in bpo-40698.)

fcntl

Added constants F_OFD_GETLK, F_OFD_SETLKand F_OFD_SETLKW. (Contributed by Donghee Na in bpo-38602.)

ftplib

FTP and FTP_TLS now raise a ValueErrorif the given timeout for their constructor is zero to prevent the creation of a non-blocking socket. (Contributed by Donghee Na in bpo-39259.)

gc

When the garbage collector makes a collection in which some objects resurrect (they are reachable from outside the isolated cycles after the finalizers have been executed), do not block the collection of all objects that are still unreachable. (Contributed by Pablo Galindo and Tim Peters in bpo-38379.)

Added a new function gc.is_finalized() to check if an object has been finalized by the garbage collector. (Contributed by Pablo Galindo inbpo-39322.)

hashlib

The hashlib module can now use SHA3 hashes and SHAKE XOF from OpenSSL when available. (Contributed by Christian Heimes in bpo-37630.)

Builtin hash modules can now be disabled with./configure --without-builtin-hashlib-hashes or selectively enabled with e.g. ./configure --with-builtin-hashlib-hashes=sha3,blake2 to force use of OpenSSL based implementation. (Contributed by Christian Heimes in bpo-40479)

http

HTTP status codes 103 EARLY_HINTS, 418 IM_A_TEAPOT and 425 TOO_EARLY are added tohttp.HTTPStatus. (Contributed by Donghee Na in bpo-39509 and Ross Rhodes in bpo-39507.)

IDLE and idlelib

Added option to toggle cursor blink off. (Contributed by Zackery Spytz in bpo-4603.)

Escape key now closes IDLE completion windows. (Contributed by Johnny Najera in bpo-38944.)

Added keywords to module name completion list. (Contributed by Terry J. Reedy in bpo-37765.)

New in 3.9 maintenance releases

Make IDLE invoke sys.excepthook() (when started without ‘-n’). User hooks were previously ignored. (Contributed by Ken Hilton inbpo-43008.)

The changes above have been backported to 3.8 maintenance releases.

Rearrange the settings dialog. Split the General tab into Windows and Shell/Ed tabs. Move help sources, which extend the Help menu, to the Extensions tab. Make space for new options and shorten the dialog. The latter makes the dialog better fit small screens. (Contributed by Terry Jan Reedy in bpo-40468.) Move the indent space setting from the Font tab to the new Windows tab. (Contributed by Mark Roseman and Terry Jan Reedy inbpo-33962.)

Apply syntax highlighting to .pyi files. (Contributed by Alex Waygood and Terry Jan Reedy in bpo-45447.)

imaplib

IMAP4 and IMAP4_SSL now have an optional timeout parameter for their constructors. Also, the open() method now has an optional timeout parameter with this change. The overridden methods of IMAP4_SSL andIMAP4_stream were applied to this change. (Contributed by Donghee Na in bpo-38615.)

imaplib.IMAP4.unselect() is added.imaplib.IMAP4.unselect() frees server’s resources associated with the selected mailbox and returns the server to the authenticated state. This command performs the same actions as imaplib.IMAP4.close(), except that no messages are permanently removed from the currently selected mailbox. (Contributed by Donghee Na in bpo-40375.)

importlib

To improve consistency with import statements, importlib.util.resolve_name()now raises ImportError instead of ValueError for invalid relative import attempts. (Contributed by Ngalim Siregar in bpo-37444.)

Import loaders which publish immutable module objects can now publish immutable packages in addition to individual modules. (Contributed by Dino Viehland in bpo-39336.)

Added importlib.resources.files() function with support for subdirectories in package data, matching backport in importlib_resourcesversion 1.5. (Contributed by Jason R. Coombs in bpo-39791.)

Refreshed importlib.metadata from importlib_metadata version 1.6.1.

inspect

inspect.BoundArguments.arguments is changed from OrderedDict to regular dict. (Contributed by Inada Naoki in bpo-36350 and bpo-39775.)

ipaddress

ipaddress now supports IPv6 Scoped Addresses (IPv6 address with suffix %<scope_id>).

Scoped IPv6 addresses can be parsed using ipaddress.IPv6Address. If present, scope zone ID is available through the scope_id attribute. (Contributed by Oleksandr Pavliuk in bpo-34788.)

Starting with Python 3.9.5 the ipaddress module no longer accepts any leading zeros in IPv4 address strings. (Contributed by Christian Heimes in bpo-36384).

math

Expanded the math.gcd() function to handle multiple arguments. Formerly, it only supported two arguments. (Contributed by Serhiy Storchaka in bpo-39648.)

Added math.lcm(): return the least common multiple of specified arguments. (Contributed by Mark Dickinson, Ananthakrishnan and Serhiy Storchaka inbpo-39479 and bpo-39648.)

Added math.nextafter(): return the next floating-point value after _x_towards y. (Contributed by Victor Stinner in bpo-39288.)

Added math.ulp(): return the value of the least significant bit of a float. (Contributed by Victor Stinner in bpo-39310.)

multiprocessing

The multiprocessing.SimpleQueue class has a newclose() method to explicitly close the queue. (Contributed by Victor Stinner in bpo-30966.)

nntplib

NNTP and NNTP_SSL now raise a ValueErrorif the given timeout for their constructor is zero to prevent the creation of a non-blocking socket. (Contributed by Donghee Na in bpo-39259.)

os

Added CLD_KILLED and CLD_STOPPED for si_code. (Contributed by Donghee Na in bpo-38493.)

Exposed the Linux-specific os.pidfd_open() (bpo-38692) andos.P_PIDFD (bpo-38713) for process management with file descriptors.

The os.unsetenv() function is now also available on Windows. (Contributed by Victor Stinner in bpo-39413.)

The os.putenv() and os.unsetenv() functions are now always available. (Contributed by Victor Stinner in bpo-39395.)

Added os.waitstatus_to_exitcode() function: convert a wait status to an exit code. (Contributed by Victor Stinner in bpo-40094.)

pathlib

Added pathlib.Path.readlink() which acts similarly toos.readlink(). (Contributed by Girts Folkmanis in bpo-30618)

pdb

On Windows now Pdb supports ~/.pdbrc. (Contributed by Tim Hopper and Dan Lidral-Porter in bpo-20523.)

poplib

POP3 and POP3_SSL now raise a ValueErrorif the given timeout for their constructor is zero to prevent the creation of a non-blocking socket. (Contributed by Donghee Na in bpo-39259.)

pprint

pprint can now pretty-print types.SimpleNamespace. (Contributed by Carl Bordum Hansen in bpo-37376.)

pydoc

The documentation string is now shown not only for class, function, method etc, but for any object that has its own __doc__attribute. (Contributed by Serhiy Storchaka in bpo-40257.)

random

Added a new random.Random.randbytes method: generate random bytes. (Contributed by Victor Stinner in bpo-40286.)

signal

Exposed the Linux-specific signal.pidfd_send_signal() for sending to signals to a process using a file descriptor instead of a pid. (bpo-38712)

smtplib

SMTP and SMTP_SSL now raise a ValueErrorif the given timeout for their constructor is zero to prevent the creation of a non-blocking socket. (Contributed by Donghee Na in bpo-39259.)

LMTP constructor now has an optional timeout parameter. (Contributed by Donghee Na in bpo-39329.)

socket

The socket module now exports the CAN_RAW_JOIN_FILTERSconstant on Linux 4.1 and greater. (Contributed by Stefan Tatschner and Zackery Spytz in bpo-25780.)

The socket module now supports the CAN_J1939 protocol on platforms that support it. (Contributed by Karl Ding in bpo-40291.)

The socket module now has the socket.send_fds() andsocket.recv_fds() functions. (Contributed by Joannah Nanjekye, Shinya Okano and Victor Stinner in bpo-28724.)

time

On AIX, thread_time() is now implemented with thread_cputime()which has nanosecond resolution, rather thanclock_gettime(CLOCK_THREAD_CPUTIME_ID) which has a resolution of 10 milliseconds. (Contributed by Batuhan Taskaya in bpo-40192)

sys

Added a new sys.platlibdir attribute: name of the platform-specific library directory. It is used to build the path of standard library and the paths of installed extension modules. It is equal to "lib" on most platforms. On Fedora and SuSE, it is equal to "lib64" on 64-bit platforms. (Contributed by Jan Matějek, Matěj Cepl, Charalampos Stratakis and Victor Stinner in bpo-1294959.)

Previously, sys.stderr was block-buffered when non-interactive. Nowstderr defaults to always being line-buffered. (Contributed by Jendrik Seipp in bpo-13601.)

tracemalloc

Added tracemalloc.reset_peak() to set the peak size of traced memory blocks to the current size, to measure the peak of specific pieces of code. (Contributed by Huon Wilson in bpo-40630.)

typing

PEP 593 introduced an typing.Annotated type to decorate existing types with context-specific metadata and new include_extras parameter totyping.get_type_hints() to access the metadata at runtime. (Contributed by Till Varoquaux and Konstantin Kashin.)

unicodedata

The Unicode database has been updated to version 13.0.0. (bpo-39926).

venv

The activation scripts provided by venv now all specify their prompt customization consistently by always using the value specified by__VENV_PROMPT__. Previously some scripts unconditionally used__VENV_PROMPT__, others only if it happened to be set (which was the default case), and one used __VENV_NAME__ instead. (Contributed by Brett Cannon in bpo-37663.)

xml

White space characters within attributes are now preserved when serializingxml.etree.ElementTree to XML file. EOLNs are no longer normalized to “n”. This is the result of discussion about how to interpret section 2.11 of XML spec. (Contributed by Mefistotelis in bpo-39011.)

Optimizations

Here’s a summary of performance improvements from Python 3.4 through Python 3.9:

Python version 3.4 3.5 3.6 3.7 3.8 3.9

Variable and attribute read access: read_local 7.1 7.1 5.4 5.1 3.9 3.9 read_nonlocal 7.1 8.1 5.8 5.4 4.4 4.5 read_global 15.5 19.0 14.3 13.6 7.6 7.8 read_builtin 21.1 21.6 18.5 19.0 7.5 7.8 read_classvar_from_class 25.6 26.5 20.7 19.5 18.4 17.9 read_classvar_from_instance 22.8 23.5 18.8 17.1 16.4 16.9 read_instancevar 32.4 33.1 28.0 26.3 25.4 25.3 read_instancevar_slots 27.8 31.3 20.8 20.8 20.2 20.5 read_namedtuple 73.8 57.5 45.0 46.8 18.4 18.7 read_boundmethod 37.6 37.9 29.6 26.9 27.7 41.1

Variable and attribute write access: write_local 8.7 9.3 5.5 5.3 4.3 4.3 write_nonlocal 10.5 11.1 5.6 5.5 4.7 4.8 write_global 19.7 21.2 18.0 18.0 15.8 16.7 write_classvar 92.9 96.0 104.6 102.1 39.2 39.8 write_instancevar 44.6 45.8 40.0 38.9 35.5 37.4 write_instancevar_slots 35.6 36.1 27.3 26.6 25.7 25.8

Data structure read access: read_list 24.2 24.5 20.8 20.8 19.0 19.5 read_deque 24.7 25.5 20.2 20.6 19.8 20.2 read_dict 24.3 25.7 22.3 23.0 21.0 22.4 read_strdict 22.6 24.3 19.5 21.2 18.9 21.5

Data structure write access: write_list 27.1 28.5 22.5 21.6 20.0 20.0 write_deque 28.7 30.1 22.7 21.8 23.5 21.7 write_dict 31.4 33.3 29.3 29.2 24.7 25.4 write_strdict 28.4 29.9 27.5 25.2 23.1 24.5

Stack (or queue) operations: list_append_pop 93.4 112.7 75.4 74.2 50.8 50.6 deque_append_pop 43.5 57.0 49.4 49.2 42.5 44.2 deque_append_popleft 43.7 57.3 49.7 49.7 42.8 46.4

Timing loop: loop_overhead 0.5 0.6 0.4 0.3 0.3 0.3

These results were generated from the variable access benchmark script at:Tools/scripts/var_access_benchmark.py. The benchmark script displays timings in nanoseconds. The benchmarks were measured on anIntel® Core™ i7-4960HQ processorrunning the macOS 64-bit builds found atpython.org.

Deprecated

Removed

Porting to Python 3.9

This section lists previously described changes and other bugfixes that may require changes to your code.

Changes in the Python API

Changes in the C API

// This was not needed before Python 3.9 (Python issue 35810 and 40217)
Py_VISIT(Py_TYPE(self));
#endif
}
If your traverse function delegates to tp_traverse of its base class (or another type), ensure that Py_TYPE(self) is visited only once. Note that only heap type are expected to visit the type in tp_traverse.
For example, if your tp_traverse function includes:

base->tp_traverse(self, visit, arg)

then add:

#if PY_VERSION_HEX >= 0x03090000
// This was not needed before Python 3.9 (bpo-35810 and bpo-40217)
if (base->tp_flags & Py_TPFLAGS_HEAPTYPE) {
// a heap type's tp_traverse already visited Py_TYPE(self)
} else {
Py_VISIT(Py_TYPE(self));
}
#else
(See bpo-35810 and bpo-40217 for more information.)

CPython bytecode changes

Build Changes

C API Changes

New Features

Porting to Python 3.9

Removed

(Contributed by Victor Stinner in bpo-38644 and bpo-39542.)

Notable changes in Python 3.9.1

typing

The behavior of typing.Literal was changed to conform with PEP 586and to match the behavior of static type checkers specified in the PEP.

  1. Literal now de-duplicates parameters.
  2. Equality comparisons between Literal objects are now order independent.
  3. Literal comparisons now respect types. For example,Literal[0] == Literal[False] previously evaluated to True. It is now False. To support this change, the internally used type cache now supports differentiating types.
  4. Literal objects will now raise a TypeError exception during equality comparisons if any of their parameters are not hashable. Note that declaring Literal with mutable parameters will not throw an error:

    from typing import Literal
    Literal[{0}]
    Literal[{0}] == Literal[{False}]
    Traceback (most recent call last):
    File "", line 1, in
    TypeError: unhashable type: 'set'

(Contributed by Yurii Karabas in bpo-42345.)

macOS 11.0 (Big Sur) and Apple Silicon Mac support

As of 3.9.1, Python now fully supports building and running on macOS 11.0 (Big Sur) and on Apple Silicon Macs (based on the ARM64 architecture). A new universal build variant, universal2, is now available to natively support both ARM64 and Intel 64 in one set of executables. Binaries can also now be built on current versions of macOS to be deployed on a range of older macOS versions (tested to 10.9) while making some newer OS functions and options conditionally available based on the operating system version in use at runtime (“weaklinking”).

(Contributed by Ronald Oussoren and Lawrence D’Anna in bpo-41100.)

Notable changes in Python 3.9.2

collections.abc

collections.abc.Callable generic now flattens type parameters, similar to what typing.Callable currently does. This means thatcollections.abc.Callable[[int, str], str] will have __args__ of(int, str, str); previously this was ([int, str], str). To allow this change, types.GenericAlias can now be subclassed, and a subclass will be returned when subscripting the collections.abc.Callable type. Code which accesses the arguments via typing.get_args() or __args__need to account for this change. A DeprecationWarning may be emitted for invalid forms of parameterizing collections.abc.Callable which may have passed silently in Python 3.9.1. This DeprecationWarning will become a TypeError in Python 3.10. (Contributed by Ken Jin in bpo-42195.)

urllib.parse

Earlier Python versions allowed using both ; and & as query parameter separators in urllib.parse.parse_qs() andurllib.parse.parse_qsl(). Due to security concerns, and to conform with newer W3C recommendations, this has been changed to allow only a single separator key, with & as the default. This change also affectscgi.parse() and cgi.parse_multipart() as they use the affected functions internally. For more details, please see their respective documentation. (Contributed by Adam Goldschmidt, Senthil Kumaran and Ken Jin in bpo-42967.)

Notable changes in Python 3.9.3

A security fix alters the ftplib.FTP behavior to not trust the IPv4 address sent from the remote server when setting up a passive data channel. We reuse the ftp server IP address instead. For unusual code requiring the old behavior, set a trust_server_pasv_ipv4_addressattribute on your FTP instance to True. (See gh-87451)

Notable changes in Python 3.9.5

urllib.parse

The presence of newline or tab characters in parts of a URL allows for some forms of attacks. Following the WHATWG specification that updates RFC 3986, ASCII newline \n, \r and tab \t characters are stripped from the URL by the parser in urllib.parse preventing such attacks. The removal characters are controlled by a new module level variableurllib.parse._UNSAFE_URL_BYTES_TO_REMOVE. (See gh-88048)

Notable security feature in 3.9.14

Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. This is a mitigation for CVE 2020-10735. This limit can be configured or disabled by environment variable, command line flag, or sys APIs. See the integer string conversion length limitation documentation. The default limit is 4300 digits in string form.

Notable changes in 3.9.17

tarfile