Misc/NEWS.d/3.15.0b2.rst
.. date: 2026-05-11-21-15-07 .. gh-issue: 149698 .. nonce: OudOcW .. release date: 2026-06-02 .. section: Security
Update bundled `libexpat <https://libexpat.github.io/>`_ to version 2.8.1
for the fix for :cve:`2026-45186`.
..
.. date: 2026-05-10-18-05-32 .. gh-issue: 87451 .. nonce: XkKB6M .. section: Security
The :mod:`ftplib` module's undocumented ``ftpcp`` function no longer trusts
the IPv4 address value returned from the source server in response to the
``PASV`` command by default, completing the fix for CVE-2021-4189. As with
:class:`ftplib.FTP`, the former behavior can be re-enabled by setting the
``trust_server_pasv_ipv4_address`` attribute on the source
:class:`ftplib.FTP` instance to ``True``. Thanks to Qi Deng at Aurascape AI
for the report.
..
.. date: 2026-05-08-02-18-54 .. gh-issue: 149474 .. nonce: ujQ-mu .. section: Security
Fix the binary writer in :mod:`profiling.sampling` not firing the audit
event (:pep:`578`) when creating the output file. The writer and the reader
now accept any path-like object. Patch by Maurycy Pawłowski-Wieroński.
..
.. date: 2026-05-03-21-00-00 .. gh-issue: 149486 .. nonce: tarflt .. section: Security
:func:`tarfile.data_filter` now validates link targets using the same
normalised value that is written to disk, strips trailing separators from
the member name when resolving a symlink's directory, and rejects link
members that would replace the destination directory itself. This closes
several path-traversal bypasses of the data extraction filter.
..
.. date: 2026-04-27-16-36-11 .. gh-issue: 149079 .. nonce: vKl-LM .. section: Security
Fix a potential denial of service in :func:`unicodedata.normalize`. The
canonical ordering step of Unicode normalization used a quadratic-time
insertion sort for reordering combining characters, which could be exploited
with crafted input containing many combining characters in non-canonical
order. It has been replaced with a linear-time counting sort for long runs.
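
The difference between the two sorts, as an added Python sketch (not CPython's C implementation and not part of the original entry): it reorders runs of combining characters with either a stable insertion sort or a stable counting sort and counts element moves. The ``LONG_RUN`` cut-over and all function names are assumptions of this sketch.

```python
import unicodedata

LONG_RUN = 16  # assumed cut-over for this sketch, not CPython's value


def _insertion_sort(run):
    """Stable insertion sort on (ccc, char) pairs; returns element moves."""
    moves = 0
    for i in range(1, len(run)):
        item, j = run[i], i - 1
        while j >= 0 and run[j][0] > item[0]:
            run[j + 1] = run[j]
            j -= 1
            moves += 1
        run[j + 1] = item
    return moves


def _counting_sort(run):
    """Stable counting sort: bucket by combining class, then emit in order."""
    buckets = [[] for _ in range(256)]  # combining classes fit in one byte
    for item in run:
        buckets[item[0]].append(item)
    run[:] = [item for bucket in buckets for item in bucket]
    return len(run)


def canonical_reorder(text, long_run=LONG_RUN):
    """Sort each run of combining characters (ccc != 0) by combining class.

    Returns (reordered_text, moves). Input must already be decomposed.
    """
    out, run, moves = [], [], 0

    def flush():
        nonlocal moves
        if len(run) > 1:
            sort = _counting_sort if len(run) >= long_run else _insertion_sort
            moves += sort(run)
        out.extend(ch for _, ch in run)
        run.clear()

    for ch in text:
        ccc = unicodedata.combining(ch)
        if ccc == 0:  # a starter ends the current run
            flush()
            out.append(ch)
        else:
            run.append((ccc, ch))
    flush()
    return "".join(out), moves


# Constructed worst-case-style input: 200 x (acute ccc=230, dot-below ccc=220).
SAMPLE = "a" + "\u0301\u0323" * 200
```

Passing a very large ``long_run`` forces the insertion sort, so the two move counts can be compared on the same input.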
..
.. date: 2026-04-26-19-30-45 .. gh-issue: 149018 .. nonce: a9SqWb .. section: Security
Improved protection against XML hash-flooding attacks in
:mod:`xml.parsers.expat` and :mod:`xml.etree.ElementTree` when Python is
compiled with libExpat 2.8.0 or later.
..
.. date: 2026-05-25-16-00-22 .. gh-issue: 150374 .. nonce: Emu6d8 .. section: Core and Builtins
Fix double release of the import lock on lazy import reification errors.
..
.. date: 2026-05-24-14-45-00 .. gh-issue: 149156 .. nonce: NP73rB .. section: Core and Builtins
Fix an intermittent crash after :func:`os.fork` when perf trampoline
profiling is enabled and the child returns through trampoline frames
inherited from the parent process.
..
.. date: 2026-05-23-22-08-01 .. gh-issue: 149449 .. nonce: 2lhQFF .. section: Core and Builtins
Fix a use-after-free crash when the :mod:`unicodedata` module was removed
from :data:`sys.modules` and garbage-collected between calls that decode
``\N{...}`` escapes or use the ``namereplace`` codec error handler.
..
.. date: 2026-05-22-17-09-28 .. gh-issue: 150107 .. nonce: GD72-D .. section: Core and Builtins
:mod:`asyncio`: ``sendfile()`` and ``sock_sendfile()`` event loop methods
now call ``file.seek(offset)`` if *file* has a ``seek()`` method, even if
*offset* is 0 (default value).
..
.. date: 2026-05-20-13-06-17 .. gh-issue: 150146 .. nonce: i5m_SL .. section: Core and Builtins
Fix a crash on a complex type variable substitution.
``from typing import TypeVar; memoryview[TypeVar("")][*typing.Mapping[..., ...]]``
used to fail due to a missing ``NULL`` check on the ``_unpack_args`` C
function call.
..
.. date: 2026-05-18-18-36-28 .. gh-issue: 148587 .. nonce: -RD3z5 .. section: Core and Builtins
:py:attr:`sys.lazy_modules` is now a set instead of a dict as initially spelled out
in PEP 810.
..
.. date: 2026-05-18-16-54-54 .. gh-issue: 150042 .. nonce: LSr5W8 .. section: Core and Builtins
Fix refleak in queue.SimpleQueue.put if memory allocation fails.
..
.. date: 2026-05-18-13-47-17 .. gh-issue: 149590 .. nonce: IPBeQx .. section: Core and Builtins
Fix crash when faulthandler is imported more than once.
..
.. date: 2026-05-16-11-03-54 .. gh-issue: 149816 .. nonce: X_gqMT .. section: Core and Builtins
Fix a race condition in _PyBytes_FromList in free-threading mode.
..
.. date: 2026-05-15-11-31-57 .. gh-issue: 149816 .. nonce: ugN2rx .. section: Core and Builtins
Fix a race condition in :class:`memoryview` with free-threading.
..
.. date: 2026-05-14-19-41-03 .. gh-issue: 149807 .. nonce: IwGaCo .. section: Core and Builtins
Fix hash(frozendict): compute the hash of each (key, value) pair
correctly. Patch by Victor Stinner.
..
.. date: 2026-05-13-06-54-41 .. gh-issue: 149738 .. nonce: 4BLFoH .. section: Core and Builtins
:mod:`sqlite3`: Disallow removing ``row_factory`` and ``text_factory``
attributes of a connection to prevent a crash on a query.
..
.. date: 2026-05-12-16-47-23 .. gh-issue: 139808 .. nonce: iIs7_E .. section: Core and Builtins
Add branch protections for AArch64 (BTI/PAC) in assembly code used by
:option:`-X perf_jit <-X>` (Linux perf profiler integration).
..
.. date: 2026-05-11-14-48-56 .. gh-issue: 149676 .. nonce: 6aTrw1 .. section: Core and Builtins
Fix frozendict | frozendict hash.
..
.. date: 2026-05-10-16-43-50 .. gh-issue: 148829 .. nonce: gscS14 .. section: Core and Builtins
:class:`sentinel` objects now support a ``repr=`` argument and their
:attr:`~sentinel.__module__` attribute is writable.
..
.. date: 2026-05-10-07-42-36 .. gh-issue: 149642 .. nonce: 6ZksML .. section: Core and Builtins
Allow imports inside ``exec()`` calls within functions under
``PYTHON_LAZY_IMPORTS=all``.
..
.. date: 2026-05-09-15-22-32 .. gh-issue: 144957 .. nonce: u1F2aQ .. section: Core and Builtins
Fix lazy ``from`` imports of module attributes provided by module-level
``__getattr__``.
..
.. date: 2026-05-07-03-18-59 .. gh-issue: 149459 .. nonce: 5fhAqP .. section: Core and Builtins
Fix a crash in the JIT optimizer when a specialized LOAD_SPECIAL guard
deoptimized after inserting the synthetic NULL stack entry.
..
.. date: 2026-04-15-15-48-04 .. gh-issue: 148450 .. nonce: 2MEVqH .. section: Core and Builtins
Fix abc.register() so it invalidates type version tags for registered
classes.
..
.. date: 2026-05-31-17-47-30 .. gh-issue: 150685 .. nonce: EBB2mU .. section: Library
Update bundled pip to 26.1.2
..
.. date: 2026-05-27-11-18-36 .. gh-issue: 150228 .. nonce: pNPiO- .. section: Library
The new :class:`site.StartupState` class lets callers batch-process
:pep:`829` startup configuration files across multiple site directories
before any startup code runs, with public
:meth:`~site.StartupState.addsitedir`,
:meth:`~site.StartupState.addusersitepackages`,
:meth:`~site.StartupState.addsitepackages`, and
:meth:`~site.StartupState.process` methods. The signature of
:func:`site.addsitedir` is unchanged from Python 3.14. The
:data:`!defer_processing_start_files` argument and the
``process_startup_files()`` function added earlier in the 3.15 cycle have
been removed; use :class:`!site.StartupState` instead.
..
.. date: 2026-05-25-17-00-00 .. gh-issue: 150406 .. nonce: jF3g63 .. section: Library
Fix a possible crash occurring during :mod:`socket` module initialization
when the system is out of memory on platforms without a reentrant
``gethostbyname``.
..
.. date: 2026-05-25-07-22-05 .. gh-issue: 150372 .. nonce: 9hLqhe .. section: Library
:mod:`readline`: Fix a potential crash during tab completion caused by an
out-of-memory error during module initialization.
..
.. date: 2026-05-21-20-47-45 .. gh-issue: 150157 .. nonce: ZvmO-bQZ .. section: Library
Fix a crash in free-threaded builds that occurs when pickling by name
objects without a ``__module__`` attribute while :data:`sys.modules` is
concurrently being modified.
..
.. date: 2026-05-21-11-25-58 .. gh-issue: 150175 .. nonce: 8H4Caz .. section: Library
Fix race condition in :class:`unittest.mock.ThreadingMock` where concurrent
calls could lose increments to ``call_count`` and other attributes due to a
missing lock in ``_increment_mock_call``.
..
.. date: 2026-05-19-19-00-49 .. gh-issue: 84353 .. nonce: ZU5zaQ .. section: Library
Preserve non-UTF-8 encoded filenames when appending to a
:class:`zipfile.ZipFile`. Previously, non-ASCII names stored in a legacy
encoding (without the UTF-8 flag bit set) could be corrupted when the
central directory was rewritten: they were decoded as cp437 and then
re-stored as UTF-8.
..
.. date: 2026-05-18-17-17-20 .. gh-issue: 149189 .. nonce: a8IooK .. section: Library
Revert the changes to :mod:`pprint` defaults. Patch by Hugo van Kemenade.
..
.. date: 2026-05-18-07-44-46 .. gh-issue: 149995 .. nonce: vvtFHn .. section: Library
Update various docstrings in :mod:`typing`.
..
.. date: 2026-05-17-22-37-02 .. gh-issue: 88726 .. nonce: BAoL6j .. section: Library
The :mod:`email` package now uses standard MIME charset names "gb2312" and
"big5" instead of non-standard names "eucgb2312_cn" and "big5_tw".
..
.. date: 2026-05-17-02-25-56 .. gh-issue: 149571 .. nonce: LNyuWJ .. section: Library
Fix the C implementation of :meth:`xml.etree.ElementTree.Element.itertext`:
it no longer emits text for comments and processing instructions.
..
.. date: 2026-05-16-21-08-33 .. gh-issue: 149921 .. nonce: I1yNML .. section: Library
Fix reference leaks in error paths of the :mod:`!_interpchannels` and
:mod:`!_interpqueues` extension modules.
..
.. date: 2026-05-15-18-44-20 .. gh-issue: 142349 .. nonce: fHK3v1 .. section: Library
Add :keyword:`lazy` to the list of topics supported by :func:`help`.
..
.. date: 2026-05-15-16-28-00 .. gh-issue: 149819 .. nonce: fixpth .. section: Library
Fix regression in :func:`site.addsitedir` where ``.pth`` files were no
longer processed in Python subprocesses. This happened because
:func:`site.main` seeded ``known_paths`` with entries inherited from the
parent process, causing ``addsitedir`` to skip ``.pth`` processing.
..
.. date: 2026-05-14-15-55-28 .. gh-issue: 149816 .. nonce: ZaXQ0q .. section: Library
Fix a race condition in ``_random.Random.__init__`` method in free-threading
mode.
..
.. date: 2026-05-13-23-18-39 .. gh-issue: 149801 .. nonce: S_FfGr .. section: Library
Add IANA registered names and aliases with leading zeros before the number
(like IBM00858, CP00858, IBM01140, CP01140) for corresponding codecs.
..
.. date: 2026-05-12-13-03-45 .. gh-issue: 149718 .. nonce: SaM1NJ .. section: Library
Coalesce consecutive identical stack frames in Tachyon, so aggregating
collectors (pstats, collapsed, flamegraph, gecko) receive one collect. This
improves the sample rate 3x, and the error rate and missed rate drop by 70%.
Patch by Maurycy Pawłowski-Wieroński.
..
.. date: 2026-05-12-06-24-54 .. gh-issue: 149701 .. nonce: 8v9RTm .. section: Library
Fix bad return code from ``Lib/venv/bin/activate`` if hashing is disabled.
..
.. date: 2026-05-10-23-51-23 .. gh-issue: 149504 .. nonce: pDSCbn .. section: Library
Fix :func:`site.addsitedir` to allow re-entrant calls from within startup
files. Previously, a ``.pth`` file containing an ``import`` line that
called :func:`site.addsitedir` (or a ``.start`` entry point doing the same)
could crash with ``RuntimeError: dictionary changed size during iteration``
during site initialization, breaking tools such as ``uv run --with``.
..
.. date: 2026-05-10-19-26-50 .. gh-issue: 149584 .. nonce: x7Qm9A .. section: Library
Fix excessive overhead in the Tachyon profiler when inspecting a remote process by avoiding repeated remote page-cache scans, batching predicted remote reads, and reusing cached profiler result objects. Patch by Pablo Galindo and Maurycy Pawłowski-Wieroński.
..
.. date: 2026-05-10-07-21-51 .. gh-issue: 139489 .. nonce: rS7LTA .. section: Library
Add :func:`xml.is_valid_text` to ``xml.__all__``.
..
.. date: 2026-05-09-21-02-08 .. gh-issue: 149614 .. nonce: U4snj3 .. section: Library
Fix a regression that broke the ability to deepcopy
:class:`argparse.ArgumentParser` instances.
..
.. date: 2026-05-08-15-08-35 .. gh-issue: 112821 .. nonce: t9T1YD .. section: Library
In the REPL, autocompletion might run arbitrary code in the getter of a descriptor. If that getter raised an exception, autocompletion would fail to present any options for the entire object. Autocompletion now works as expected for these objects.
..
.. date: 2026-05-08-09-11-48 .. gh-issue: 149534 .. nonce: Tw7eeY .. section: Library
Fix merging of :class:`collections.defaultdict` and :class:`frozendict`.
..
.. date: 2026-05-07-21-58-17 .. gh-issue: 149388 .. nonce: DDBPeA .. section: Library
Make :class:`!asyncio.windows_utils.PipeHandle` closing idempotent.
..
.. date: 2026-05-07-14-18-47 .. gh-issue: 149489 .. nonce: bX9iHe .. section: Library
Fix :mod:`~xml.etree.ElementTree` serialization to HTML. The content of
comments, processing instructions and elements "xmp", "iframe", "noembed",
"noframes", and "plaintext" is no longer escaped. The "plaintext" element no
longer has a closing tag. Add support for empty attributes (with value
``None``).
..
.. date: 2026-04-29-08-10-17 .. gh-issue: 149056 .. nonce: jnaD4W .. section: Library
Fix :func:`json.load` not forwarding the ``array_hook`` argument to
:func:`json.loads`. Patch by Thomas Kowalski.
..
.. date: 2026-04-27-11-12-00 .. gh-issue: 149046 .. nonce: 74shDd .. section: Library
:mod:`io`: Fix :class:`io.StringIO` serialization: no longer call
``str(obj)`` on :class:`str` subclasses. Patch by Thomas Kowalski.
..
.. date: 2026-04-23-12-50-15 .. gh-issue: 148441 .. nonce: zvpCkR .. section: Library
:mod:`xml.parsers.expat`: prevent a crash in
:meth:`~xml.parsers.expat.xmlparser.CharacterDataHandler` when the character
data size exceeds the parser's :attr:`buffer size <xml.parsers.expat.xmlparser.buffer_size>`.
..
.. date: 2026-03-26-09-30-00 .. gh-issue: 146452 .. nonce: Y2N6qZ8J .. section: Library
Fix segfault in :mod:`pickle` when pickling a dictionary concurrently
mutated by another thread in the free-threaded build.
..
.. date: 2025-08-30-07-44-30 .. gh-issue: 86533 .. nonce: pathlib .. section: Library
The :func:`os.makedirs` function and :meth:`pathlib.Path.mkdir` method now
have a *parent_mode* parameter to specify the mode for intermediate
directories when creating parent directories. This allows one to match the
behavior from Python 3.6 and earlier for :func:`os.makedirs`.
..
.. date: 2025-05-19-21-08-25 .. gh-issue: 134261 .. nonce: ravGYm .. section: Library
zip: On reproducible builds, ZipFile uses UTC instead of the local time when writing file datetimes to avoid underflows.
..
.. date: 2025-05-19-20-29-35 .. gh-issue: 133998 .. nonce: KmElUw .. section: Library
Fix :exc:`struct.error` exception when creating a file with
:class:`gzip.GzipFile` or compressing data with :func:`gzip.compress` if the
system time is outside the range 00:00:00 UTC, January 1, 1970 through
06:28:15 UTC, February 7, 2106, or the explicitly passed *mtime* argument is
outside the range 0 to ``2**32-1``.
..
.. date: 2025-03-01-13-36-02 .. gh-issue: 128110 .. nonce: 9wx_G0 .. section: Library
Fix bug in the parsing of :mod:`email` address headers that could result in
extraneous spaces in the decoded text when using a modern email policy.
Space between pairs of adjacent :rfc:`2047` encoded-words is now ignored,
per section 6.2 (and consistent with existing parsing of unstructured
headers like ``Subject``).
..
.. date: 2024-11-02-02-02-31 .. gh-issue: 107398 .. nonce: uUtA6Q .. section: Library
Fix :mod:`tarfile` stream mode exception when processing a file with the gzip
extra field.
..
.. date: 2024-07-02-20-57-43 .. gh-issue: 121109 .. nonce: Tp6R2s .. section: Library
Fix :mod:`tarfile` performance issue when reading archives in streaming mode
(e.g. ``r|*``).
..
.. bpo: 45509 .. date: 2021-10-18-13-46-55 .. nonce: Upwb60 .. section: Library
Gzip headers are now checked for corrupted NAME, COMMENT and HCRC fields.
..
.. date: 2026-05-25-15-39-53 .. gh-issue: 150387 .. nonce: yzZ7jq .. section: Tests
Fix hang in
``test.test_profiling.test_sampling_profiler.test_live_collector_ui.TestLiveModeErrors.test_run_failed_script_live``
on slow buildbots. The test now always queues a final ``q`` keystroke so the
live TUI loop exits even when the profiler collects enough samples to enter
the post-finished input loop.
..
.. date: 2026-05-13-14-53-23 .. gh-issue: 149776 .. nonce: orqgsn .. section: Tests
Fix test_socket on Linux kernel 7.1 and newer: skip UDP Lite tests if it's not supported. Patch by Victor Stinner.
..
.. date: 2026-05-21-15-14-59 .. gh-issue: 148294 .. nonce: VtFaW4 .. section: Build
Corrected the use of ``AC_PATH_TOOL`` in ``configure.ac`` to allow a C++
compiler to be found on :envvar:`!PATH`.
..
.. date: 2026-05-18-16-00-41 .. gh-issue: 148260 .. nonce: UwFiIX .. section: Build
On Linux, when Python is linked to the musl C library, use a thread stack
size of at least 1 MiB instead of the musl default, which is 128 kiB. Patch
by Victor Stinner.
..
.. date: 2026-05-14-22-09-46 .. gh-issue: 149786 .. nonce: UI-HZM .. section: Windows
Fixes virtual environment launchers on Windows free-threaded builds.
..
.. date: 2026-05-06-21-36-53 .. gh-issue: 124111 .. nonce: m4OBX8 .. section: Windows
Updated Windows builds to use Tcl/Tk 9.0.3.
..
.. date: 2026-04-29-14-44-51 .. gh-issue: 138489 .. nonce: 234aj6 .. section: Windows
Windows distributions now include a :file:`build-details.json` file (see
:pep:`739`). The legacy installer does not install it, but all other
distributions from python.org and all preset configurations in the
``PC\layout`` script will include one.
..
.. date: 2026-04-26-23-14-45 .. gh-issue: 149029 .. nonce: oPTXP4 .. section: Windows
Update Windows installer to ship with SQLite 3.53.1.
..
.. date: 2026-05-31-10-40-00 .. gh-issue: 150644 .. nonce: zLWyjj .. section: macOS
When system logging is enabled (with ``config.use_system_logger``), messages
are now tagged as public. This allows the macOS 26 system logger to view
messages without special configuration.
..
.. date: 2026-04-26-23-15-09 .. gh-issue: 149029 .. nonce: Lsx--T .. section: macOS
Update macOS installer to ship with SQLite version 3.53.1.
..
.. date: 2026-05-22-18-51-09 .. gh-issue: 150258 .. nonce: dh8GVK .. section: Tools/Demos
Update the tooltip on the Tachyon flame graph to show both absolute and relative percentages.
..
.. date: 2026-05-12-16-47-21 .. gh-issue: 149725 .. nonce: HZLBTZ .. section: C API
Add :c:func:`PySentinel_CheckExact` for exact :class:`sentinel` type tests
to accompany the existing :c:func:`PySentinel_Check`.
..
.. date: 2026-02-25-13-37-10 .. gh-issue: 145235 .. nonce: -1ySNR .. section: C API
Made :c:func:`PyDict_AddWatcher`, :c:func:`PyDict_ClearWatcher`,
:c:func:`PyDict_Watch`, and :c:func:`PyDict_Unwatch` thread-safe on the
:term:`free threaded <free threading>` build.