Python 3.9.3
Release Date: April 2, 2021
This is the third maintenance release of Python 3.9
NOTE: The release you're looking at has been recalled due to unintentional breakage of ABI compatibility with C extensions built in Python 3.9.0 - 3.9.2. Details in bpo-43710. Please use Python 3.9.4 or newer instead.
Python 3.9.3 is an expedited release which includes a number of security fixes and is recommended to all users:
- bpo-43631: high-severity CVE-2021-3449 and CVE-2021-3450 were published for OpenSSL, it's been upgraded to 1.1.1k in CI, and macOS and Windows installers.
- bpo-42988: CVE-2021-3426: Remove the getfile feature of the pydoc module which could be abused to read arbitrary files on the disk (directory traversal vulnerability). Moreover, even source code of Python modules can contain sensitive data like passwords. Vulnerability reported by David Schwörer.
- bpo-43285: ftplib no longer trusts the IP address value returned from the server in response to the PASV command by default. This prevents a malicious FTP server from using the response to probe IPv4 address and port combinations on the client network. Code that requires the former vulnerable behavior may set a trust_server_pasv_ipv4_address attribute on their ftplib.FTP instances to True to re-enable it.
- bpo-43439: Add audit hooks for gc.get_objects(), gc.get_referrers() and gc.get_referents(). Patch by Pablo Galindo.
Major new features of the 3.9 series, compared to 3.8
Some of the new major new features and changes in Python 3.9 are:
- PEP 573, Module State Access from C Extension Methods
- PEP 584, Union Operators in
dict
- PEP 585, Type Hinting Generics In Standard Collections
- PEP 593, Flexible function and variable annotations
- PEP 602, Python adopts a stable annual release cadence
- PEP 614, Relaxing Grammar Restrictions On Decorators
- PEP 615, Support for the IANA Time Zone Database in the Standard Library
- PEP 616, String methods to remove prefixes and suffixes
- PEP 617, New PEG parser for CPython
- BPO 38379, garbage collection does not block on resurrected objects;
- BPO 38692, os.pidfd_open added that allows process management without races and signals;
- BPO 39926, Unicode support updated to version 13.0.0;
- BPO 1635741, when Python is initialized multiple times in the same process, it does not leak memory anymore;
- A number of Python builtins (range, tuple, set, frozenset, list, dict) are now sped up using PEP 590 vectorcall;
- A number of Python modules (_abc, audioop, _bz2, _codecs, _contextvars, _crypt, _functools, _json, _locale, operator, resource, time, _weakref) now use multiphase initialization as defined by PEP 489;
- A number of standard library modules (audioop, ast, grp, _hashlib, pwd, _posixsubprocess, random, select, struct, termios, zlib) are now using the stable ABI defined by PEP 384.
You can find a more comprehensive list in this release's "What's New" document.
More resources
- Online Documentation
- PEP 596, 3.9 Release Schedule
- Report bugs at https://bugs.python.org.
- Help fund Python and its community.
Where are the files?
The release you're looking at has been recalled due to unintentional breakage of ABI compatibility with C extensions built in Python 3.9.0 - 3.9.2. Details in bpo-43710. Please use Python 3.9.4 or newer instead.
If you really need the files from this release for some particular purpose, you can download them from /ftp/python/.
Files
Version | Operating System | Description | MD5 Sum | File Size |
---|