Thursday, October 9, 2025

Python 3.12.12, 3.11.14, 3.10.19 and 3.9.24 are now available!

Old-timer Release Party

We couldn’t just let Hugo have fun with 3.14.0, so here are new security releases of the venerated Python versions, 3.12 through 3.9!

Security content in these releases

XML-related
• gh-139312: Upgraded bundled libexpat to 2.7.3 to fix CVE-2025-59375
• gh-139400: xml.parsers.expat: Made sure that parent Expat parsers are only garbage-collected once they are no longer referenced by subparsers created by ExternalEntityParserCreate().

Archive-related
• gh-130577: tarfile now validates archives to ensure member offsets are non-negative.
• gh-139700: Now checking consistency of the zip64 end of central directory record. Added support for records with “zip64 extensible data” if there are no bytes prepended to the ZIP file.
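To make the gh-139700 item concrete, here is an added example (not CPython's code and not part of the release notes) of what a consistency check on the zip64 end of central directory (EOCD) record can look like for an archive with no prepended bytes. The names `check_zip64_eocd` and `build_tail` are hypothetical, the sample archive tails are constructed, and the specific checks are an illustration rather than the ones `zipfile` performs.

```python
import struct

EOCD = struct.Struct("<4s4H2LH")      # end of central directory, 22 bytes
LOC64 = struct.Struct("<4sLQL")       # zip64 EOCD locator, 20 bytes
EOCD64 = struct.Struct("<4sQ2H2L4Q")  # zip64 EOCD record, 56 fixed bytes

def check_zip64_eocd(data: bytes) -> str:
    """Hypothetical helper: 'no-zip64', 'ok' or 'inconsistent: <reason>'."""
    eocd_pos = data.rfind(b"PK\x05\x06")
    if eocd_pos < 0 or eocd_pos + EOCD.size > len(data):
        return "inconsistent: no end of central directory record"
    comment_len = EOCD.unpack_from(data, eocd_pos)[-1]
    if eocd_pos + EOCD.size + comment_len != len(data):
        return "inconsistent: EOCD comment length does not reach end of file"
    loc_pos = eocd_pos - LOC64.size
    if loc_pos < 0 or data[loc_pos:loc_pos + 4] != b"PK\x06\x07":
        return "no-zip64"
    rec_off = LOC64.unpack_from(data, loc_pos)[2]
    if rec_off + EOCD64.size > loc_pos:
        return "inconsistent: locator offset leaves no room for the record"
    sig, size, *rest = EOCD64.unpack_from(data, rec_off)
    if sig != b"PK\x06\x06":
        return "inconsistent: locator does not point at a zip64 record"
    # 'size' counts the bytes after the 12-byte signature+size prefix,
    # so it includes any zip64 extensible data sector.
    if rec_off + 12 + size != loc_pos:
        return "inconsistent: record does not end where the locator starts"
    cd_size, cd_off = rest[-2:]
    if cd_off + cd_size > rec_off:
        return "inconsistent: central directory overlaps the zip64 record"
    return "ok"

def build_tail(ext: bytes = b"", skew: int = 0) -> bytes:
    """Constructed sample: tail of an empty archive with a zip64 record.
    ext is the extensible data sector, skew an error in the locator offset."""
    rec = EOCD64.pack(b"PK\x06\x06", 44 + len(ext), 45, 45, 0, 0, 0, 0, 0, 0)
    loc = LOC64.pack(b"PK\x06\x07", 0, skew, 1)
    eocd = EOCD.pack(b"PK\x05\x06", 0, 0, 0xFFFF, 0xFFFF,
                     0xFFFFFFFF, 0xFFFFFFFF, 0)
    return rec + ext + loc + eocd

if __name__ == "__main__":
    for name, blob in [("plain", build_tail()), ("ext", build_tail(b"\0" * 8)),
                       ("skewed", build_tail(b"\0" * 8, skew=4))]:
        print(name, "->", check_zip64_eocd(blob))
```

The EOCD search uses a plain `rfind`, so an archive comment that itself contains the EOCD signature is reported as inconsistent rather than parsed.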
Article Summaries:
- Python has released new security updates for versions 3.12.12, 3.11.14, 3.10.19, and 3.9.24. The updates address multiple vulnerabilities in XML handling, archive processing, and HTML parsing. Key fixes include upgrading libexpat to patch CVE-2025-59375, validating tarfile member offsets, improving ZIP64 consistency, and correcting HTML5-standard parsing in html.parser. Additional patches resolve quadratic-time parsing issues, comment and CDATA handling, and raw-text mode support. These releases aim to close security gaps while maintaining compatibility across the Python 3.9-3.12 series.