Release Date: June 6, 2023
This is a security release of Python 3.10
Note: The release you're looking at is Python 3.10.12, a security bugfix release for the legacy 3.10 series. Python 3.11 is now the latest feature release series of Python 3. Get the latest release of 3.11.x here.
Security content in this release
- gh-103142: The version of OpenSSL used in Windows and Mac installers has been upgraded to 1.1.1u to address CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 fixed previously in 1.1.1t (gh-101727).
urllib.parse.urlsplit()now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329.
- gh-99889: Fixed a security in flaw in
uu.decode()that could allow for directory traversal based on the input if no
- gh-104049: Do not expose the local on-disk location in directory indexes produced by
io.open_code()for files to be executed instead of raw
- gh-102953: The extraction methods in
shutil.unpack_archive(), have a new
filterargument that allows limiting
tarfeatures than may be surprising or dangerous, such as creating files outside the destination directory. See Extraction filters for details.
According to the release calendar specified in PEP 619, Python 3.10 is now in the "security fixes only" stage of its life cycle: 3.10 branch only accepts security fixes and releases of those are made irregularly in source-only form until October 2026. Python 3.10 isn't receiving regular bug fixes anymore, and binary installers are no longer provided for it. Python 3.10.11 was the last full bugfix release of Python 3.10 with binary installers.
|Gzipped source tarball
|XZ compressed source tarball