Release Date: June 6, 2023
This is a security release of Python 3.7
Note: The release you are looking at is Python 3.7.17, the final security bugfix release for the legacy 3.7 series which has now reached end-of-life and is no longer supported. See the downloads page for currently supported versions of Python.
Security content in this release
- gh-103142: The version of OpenSSL used in Windows and Mac installers has been upgraded to 1.1.1u to address CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 fixed previously in 1.1.1t (gh-101727).
urllib.parse.urlsplit()now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329.
- gh-99889: Fixed a security flaw in
uu.decode()that could allow for directory traversal based on the input if no
- gh-104049: Do not expose the local on-disk location in directory indexes produced by
subprocess.Popennow uses a safer approach to find
cmd.exewhen launching with
According to the release calendar specified in PEP 537, Python 3.7 is now in the "security fixes only" stage of its life cycle: 3.7 branch only accepts security fixes and releases of those are made irregularly in source-only form until June 2023. Python 3.7 does not receive regular bug fixes anymore, and binary installers are no longer provided for it. Python 3.7.9 was the last full bugfix release of Python 3.7 with binary installers.
|Gzipped source tarball
|XZ compressed source tarball