Hot on the heels of the previous updates, the Python team has rolled out two new maintenance releases—version 3.14.2 and 3.13.11—to address critical regressions and bolster security. These expedited patches come just three days after the last release, showing the core developers' dedication to stability and safety. Below, we answer key questions about what these updates include, why they were rushed, and how they affect your Python projects.
1. Why were Python 3.14.2 and 3.13.11 released so quickly after the previous versions?
The rapid follow‑ups were triggered by several regressions discovered in the earlier releases. Python’s release team prioritizes fixing issues that break existing functionality or cause crashes. Specific problems – such as exceptions in multiprocessing, dataclasses without __init__, segmentation faults in insertdict, and crashes involving re.Scanner with multiple capturing groups – required immediate attention. Additionally, security vulnerabilities were identified and patched. To minimize disruption for users and maintain a reliable environment, the team expedited these minor releases.
2. What are the main regressions fixed in Python 3.14.2?
Python 3.14.2 resolves four specific regressions:
- Multiprocessing exceptions (gh-142206): Programs using multiprocessing could throw unexpected errors while upgrading Python.
- Dataclasses without __init__ (gh-142214): Creating dataclasses that lack an explicit
__init__method no longer triggers exceptions. - Segmentation faults in insertdict (gh-142218): The dictionary insertion logic caused crashes or assertion failures in some cases.
- re.Scanner crash (gh-140797): Using multiple capturing groups in a scanner could lead to a crash.
These fixes restore stability for affected workflows and are critical for developers relying on these features.
3. What security vulnerabilities have been patched in these releases?
Both Python 3.14.2 and 3.13.11 include fixes for two security issues. The first is a quadratic behavior in node ID cache clearing (CVE‑2025‑12084, gh-142145), which could be exploited for a denial‑of‑service attack. The second is a potential virtual memory allocation denial of service in http.server (gh-119452). Python 3.13.11 additionally fixes a similar denial‑of‑service vector in http.client (gh-119451). These patches ensure that the built‑in HTTP modules are safe from resource‑exhaustion attacks.
4. How does Python 3.13.11 differ from 3.14.2 in terms of fixes?
Both releases share several fixes: the multiprocessing exception, the insertdict segmentation fault, the re.Scanner crash, and the two security vulnerabilities related to cache clearing and http.server. However, Python 3.13.11 also includes an extra security patch for http.client (gh-119451) and does not include the dataclasses regression fix (gh-142214) because that issue was specific to the 3.14 series. Also, 3.13.11 is the eleventh maintenance release for the 3.13 branch, while 3.14.2 is only the second maintenance release for the newer 3.14 line.
5. Where can I download these new Python versions?
The official downloads are available on the Python website:
Each page provides installers for various platforms, source code, and detailed release notes. As always, it is recommended to upgrade to these latest versions to benefit from the fixes and security patches.
6. Who is behind these releases, and how can I contribute to Python development?
These releases were prepared by the Python release team: Hugo van Kemenade, Thomas Wouters, Ned Deily, Steve Dower, and Łukasz Langa. They extend thanks to all the volunteers who make Python development possible. Users interested in contributing can volunteer their time or encourage their organizations to support the Python Software Foundation. Even small contributions help maintain the language we all rely on.