[Python-Dev] [RELEASE] Python 3.6.3 is now available (original) (raw)

Victor Stinner victor.stinner at gmail.com
Tue Oct 3 16:56:26 EDT 2017

Hi,

Good news: Python 3.6.3 has no more known security vulnerabilities ;-)

Python 3.6.3 fixes two security vulnerabilities:

"urllib FTP protocol stream injection" https://python-security.readthedocs.io/vuln/urllib_ftp_protocol_stream_injection.html

"Expat 2.2.3" (don't impact Linux, since Linux distros use the system expat library) https://python-security.readthedocs.io/vuln/expat_2.2.3.html

Note: I'm not sure that the vulnerabilities fixed in Expat 2.2.2 and Expat 2.2.3 really impacted Python, since Python uses its own entropy source to set the "hash secret", but well, it's usually safer to use a more recent library version :-)

Victor

2017-10-03 22:06 GMT+02:00 Ned Deily <nad at python.org>:

On behalf of the Python development community and the Python 3.6 release team, I am happy to announce the availability of Python 3.6.3, the third maintenance release of Python 3.6. Detailed information about the changes made in 3.6.3 can be found in the change log here:

https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-3-final Please see "What’s New In Python 3.6" for more information about the new features in Python 3.6: https://docs.python.org/3.6/whatsnew/3.6.html You can download Python 3.6.3 here: https://www.python.org/downloads/release/python-363/ The next maintenance release of Python 3.6 is expected to follow in about 3 months, around the end of 2017-12. More information about the 3.6 release schedule can be found here: https://www.python.org/dev/peps/pep-0494/ Enjoy! -- Ned Deily nad at python.org -- []

Python-Dev mailing list Python-Dev at python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/victor.stinner%40gmail.com

More information about the Python-Dev mailing list