Prevented potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.
The :mod:`plistlib` module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. This should not affect users as entity declarations are not used in regular plist files.
If the nl_langinfo(CODESET) function returns an empty string, Python now
uses UTF-8 as the filesystem encoding. Patch by Victor Stinner.
Fixed a bug in the PEG parser that was causing crashes in debug mode. Now errors are checked in left-recursive rules to avoid cases where such errors do not get handled in time and appear as long-distance crashes in other places.
Fixed a possible crash in the PEG parser when checking for the '!=' token in
the barry_as_flufl rule. Patch by Pablo Galindo.
Propagate and raise the errors caused by :c:func:`PyAST_Validate` in the parser.
The :mod:`ast` module internal state is now per interpreter. Patch by Victor Stinner.
Fix handling of errors during creation of PyFunctionObject, which
resulted in operations on uninitialized memory. Patch by Yonatan
Goldschmidt.
Fix a bug in the parser, where a curly brace following a primary didn't
fail immediately. This led to invalid expressions like a {b} to throw a
:exc:`SyntaxError` with a wrong offset, or invalid expressions ending with a
curly brace like a { to not fail immediately in the REPL.
Fix possible buffer overflow in the new parser when checking for continuation lines. Patch by Pablo Galindo.
Run the parser two times. On the first run, disable all the rules that only generate better error messages to gain performance. If there's a parse failure, run the parser a second time with those enabled.
The LOAD_ATTR instruction now uses new "per opcode cache" mechanism and
it is about 36% faster now. Patch by Pablo Galindo and Yury Selivanov.
Support for the legacy AIX-specific shared library loading support has been removed. All versions of AIX since 4.3 have supported and defaulted to using the common Unix mechanism instead.
The garbage collector now tracks all user-defined classes. Patch by Brandt Bucher.
Fixed potential issues with removing not completely initialized module from
sys.modules when import fails.
Star-unpacking is now allowed for with item's targets in the PEG parser.
Removed special methods __int__, __float__, __floordiv__,
__mod__, __divmod__, __rfloordiv__, __rmod__ and
__rdivmod__ of the :class:`complex` class. They always raised a
:exc:`TypeError`.
Micro optimization when compute :c:member:`~PySequenceMethods.sq_item` and :c:member:`~PyMappingMethods.mp_subscript` of :class:`range`. Patch by Donghee Na.
When loading a native module and a load failure occurs, prevent a possible UnicodeDecodeError when not running in a UTF-8 locale by decoding the load error message using the current locale's encoding.
Micro optimization for range.index if step is 1. Patch by Donghee Na.
Add sys._current_exceptions() function to retrieve a dictionary mapping
each thread's identifier to the topmost exception currently active in that
thread at the time the function is called.
Enable from __future__ import annotations (PEP 563) by default. The
values found in :attr:`~object.__annotations__` dicts are now strings, for
example {"x": "int"} instead of {"x": int}.
On Solaris, :func:`~time.thread_time` is now implemented with
gethrvtime() because clock_gettime(CLOCK_THREAD_CPUTIME_ID) is not
always available. Patch by Jakub Kulik.
The :func:`repr` of :mod:`typing` types containing :ref:`Generic Alias Types
<types-genericalias>` previously did not show the parameterized types in the
GenericAlias. They have now been changed to do so.
binhex.binhex() consistently writes macOS 9 line endings.
The :class:`logging.FileHandler` class now keeps a reference to the builtin
:func:`open` function to be able to open or reopen the file during Python
finalization. Fix errors like: NameError: name 'open' is not defined.
Patch by Victor Stinner.
Removed the unicodedata.ucnhash_CAPI attribute which was an internal
PyCapsule object. The related private _PyUnicode_Name_CAPI structure was
moved to the internal C API. Patch by Victor Stinner.
Convert the :mod:`unicodedata` extension module to the multiphase
initialization API (PEP 489) and convert the unicodedata.UCD static
type to a heap type. Patch by Mohamed Koubaa and Victor Stinner.
Fix memory leak in :func:`subprocess.Popen` in case an uid (gid) specified
in user (group, extra_groups) overflows uid_t (gid_t).
:exc:`~plistlib.InvalidFileException` and :exc:`RecursionError` are now the only errors caused by loading malformed binary Plist file (previously ValueError and TypeError could be raised in some specific cases).
In importlib.resources, .path method is more aggressive about
releasing handles to zipfile objects early, enabling use-cases like certifi
to leave the context open but delete the underlying zip file.
Pickling heap types implemented in C with protocols 0 and 1 raises now an error instead of producing incorrect data.
In importlib.metadata.PackageNotFoundError, make reference to the
package metadata being missing to improve the user experience.
plistlib: fix parsing XML plists with hexadecimal integer values
Fix an incorrectly formatted error from :meth:`!_codecs.charmap_decode` when called with a mapped value outside the range of valid Unicode code points. PR by Max Bernstein.
Fix pickling pure Python :class:`datetime.time` subclasses. Patch by Dean Inwood.
:meth:`sched.scheduler.cancel` will now cancel the correct event, if two events with same priority are scheduled for the same time. Patch by Bar Harel.
:func:`textwrap.wrap` now attempts to break long words after hyphens when
break_long_words=True and break_on_hyphens=True.
Use vfork() instead of fork() for :func:`subprocess.Popen` on Linux
to improve performance in cases where it is deemed safe.
Add support for zipfile.Path inheritance. zipfile.Path.is_file() now
returns False for non-existent names. zipfile.Path objects now expose a
.filename attribute and rely on that to resolve .name and
.parent when the Path object is at the root of the zipfile.
Fix possible ref leaks in :mod:`sqlite3` module init.
Fixed tests using IsolatedAsyncioTestCase from hanging on BaseExceptions.
Fixed a bug that was causing :func:`ctypes.util.find_library` to return
None when triying to locate a library in an environment when gcc>=9 is
available and ldconfig is not. Patch by Pablo Galindo
Fix bug where TestCase.assertLogs doesn't correctly filter messages by level.
Implement PEP 613, introducing :data:`typing.TypeAlias` annotation.
A new function in abc: update_abstractmethods to re-calculate an abstract class's abstract status. In addition, dataclass has been changed to call this function.
Added newline parameter to pathlib.Path.write_text().
Tkinter font class repr uses font name
str() for the type attribute of the tkinter.Event object always
returns now the numeric code returned by Tk instead of the name of the event
type.
:func:`encodings.normalize_encoding` now ignores non-ASCII characters.
Ensure all methods that generated from :func:`dataclasses.dataclass` objects
now have the proper __qualname__ attribute referring to the class they
belong to. Patch by Batuhan Taskaya.
Handle exceptions caused by unparsable date headers when using email "default" policy. Patch by Tim Bell, Georges Toth
Add F_SETPIPE_SZ and F_GETPIPE_SZ to fcntl module. Allow setting pipesize on subprocess.Popen.
Add contextlib.aclosing for deterministic cleanup of async generators
which is analogous to contextlib.closing for non-async generators. Patch
by Joongi Kim and John Belmonte.
Allow ctypes.wintypes to be imported on non-Windows systems.
Add a key function to the bisect module.
:func:`shutil.which` now ignores empty entries in :envvar:`PATHEXT` instead of treating them as a match.
Fix --outfile for :mod:`cProfile` / :mod:`profile` not writing the
output file in the original directory when the program being profiled
changes the working directory. PR by Anthony Sottile.
The :mod:`shelve` module now uses :const:`pickle.DEFAULT_PROTOCOL` by default
instead of :mod:`pickle` protocol 3.
Fixed KeyError exception when flattening an email to a string attempts to replace a non-existent Content-Transfer-Encoding header.
The :mod:`http.cookiejar` module now supports the parsing of cookies in CURL-style cookiejar files through MozillaCookieJar on all platforms. Previously, such cookie entries would be silently ignored when loading a cookiejar with such entries.
Additionally, the HTTP Only attribute is persisted in the object, and will be correctly written to file if the MozillaCookieJar object is subsequently dumped.
Document __format__ functionality for IP addresses.
Document the default implementation of object.__eq__.
Clarify that subscription expressions are also valid for certain :term:`classes <class>` and :term:`types <type>` in the standard library, and for user-defined classes and types if the classmethod :meth:`__class_getitem__` is provided.
Documented :ref:`generic alias type <types-genericalias>` and :data:`types.GenericAlias`. Also added an entry in glossary for :term:`generic types <generic type>`.
Fix tarfile's extractfile documentation
Document some restrictions on the default string representations of numeric classes.
Fix test_logging.test_race_between_set_target_and_flush(): the test now waits until all threads complete to avoid leaking running threads.
Avoid a test failure in test_lib2to3 if the module has already imported
at the time the test executes. Patch by Pablo Galindo.
Tests for CJK codecs no longer call eval() on content received via HTTP.
Fixed a failure in test_tk.test_widgets.ScaleTest happening when
executing the test with Tk 8.6.10.
Add -fno-semantic-interposition to both the compile and link line when
building with --enable-optimizations. Patch by Victor Stinner and Pablo
Galindo.
Updates the icons for IDLE in the Windows Store package.
Use 8-byte step to detect ASCII sequence in 64-bit Windows build.
Update Tcl and Tk to 8.6.10 in Windows installer.
Update Windows installer to use SQLite 3.33.0.
Avoid Unicode errors when accessing certain locale data on Windows.
Ignore invalid prefix lengths in system proxy excludes.
Mostly finish using ttk widgets, mainly for editor, settings, and searches. Some patches by Mark Roseman.
Typing opening and closing parentheses inside the parentheses of a function call will no longer cause unnecessary "flashing" off and on of an existing open call-tip, e.g. when typed in a string literal.
Add a 256×256 pixel IDLE icon to the Windows .ico file. Created by Andrew Clover. Remove the low-color gif variations from the .ico file.
The private _PyUnicode_Name_CAPI structure of the PyCapsule API
unicodedata.ucnhash_CAPI has been moved to the internal C API. Patch by
Victor Stinner.
Fix potential crash in deallocating method objects when dynamically
allocated :c:type:`PyMethodDef`'s lifetime is managed through the self argument
of a :c:type:`PyCFunction`.
The :mod:`subprocess` module and os.closerange will now use the
close_range(low, high, flags) syscall when it is available for more
efficient closing of ranges of descriptors.
:c:func:`PyObject_GenericGetDict` is available again in the limited API when targeting 3.10 or later.
Add _Py_closerange function to provide performant closing of a range of
file descriptors.
:c:data:`!Py_FileSystemDefaultEncodeErrors` and :c:data:`!Py_UTF8Mode` are available again in limited API.
Add PyIter_Send function to allow sending value into
generator/coroutine/iterator without raising StopIteration exception to
signal return.
Added PyUnicode_AsUTF8AndSize to the limited C API.