macOS

• gh-124111: Update macOS installer to use Tcl/Tk 8.6.16.
• gh-131423: Update macOS installer to use OpenSSL 3.0.16. Patch by Bénédikt Tran.
• gh-131025: Update macOS installer to ship with SQLite 3.49.1.
• gh-91132: Update macOS installer to use ncurses 6.5. Windows
• gh-131423: Update bundled version of OpenSSL to 3.0.16. The new build also disables uplink support, which may be relevant to embedders but has no impact on normal use.
• gh-131025: Update Windows installer to ship with SQLite 3.49.1.
• gh-131020: pylauncher correctly detects a BOM when searching for the shebang. Fix by Chris Eibl. Tools/Demos
• gh-131852: msgfmt no longer adds the POT-Creation-Date to generated .mo files for consistency with GNU msgfmt.
• gh-85012: Correctly reset msgctxt when compiling messages in msgfmt. Tests
• gh-131050: test_ssl.test_dh_params is skipped if the underlying TLS library does not support finite-field ephemeral Diffie-Hellman.
• gh-119727: Add --single-process command line option to Python test runner (regrtest). Patch by Victor Stinner. Security
• gh-131809: Update bundled libexpat to 2.7.1
• gh-131261: Upgrade to libexpat 2.7.0
• gh-127371: Avoid unbounded buffering for tempfile.SpooledTemporaryFile.writelines(). Previously, disk spillover was only checked after the lines iterator had been exhausted. This is now done after each line is written.
• gh-121284: Fix bug in the folding of rfc2047 encoded-words when flattening an email message using a modern email policy. Previously when an encoded-word was too long for a line, it would be decoded, split across lines, and re-encoded. But commas and other special characters in the original text could be left unencoded and unquoted. This could theoretically be used to spoof header lines using a carefully constructed encoded-word if the resulting rendered email was transmitted or re-parsed. Library
• gh-116608: undeprecate functional API for importlib.resources
• gh-132075: Fix possible use of socket address structures with uninitialized members. Now all structure members are initialized with zeroes by default.
• gh-132002: Fix crash when deallocating contextvars.ContextVar with weird unahashable string names.
• gh-131668: socket: Fix code parsing AF_BLUETOOTH socket addresses.
• gh-131492: Fix a resource leak when constructing a gzip.GzipFile with a filename fails, for example when passing an invalid compresslevel.
• gh-131325: Fix sendfile fallback implementation to drain data after writing to transport in asyncio.
• gh-129843: Fix incorrect argument passing in warnings.warn_explicit().
• gh-131204: Use monospace font from System Font Stack for cross-platform support in difflib.HtmlDiff.
• gh-131045: Fix issue with contains, values, and pseudo-members for enum.Flag.
• gh-130959: Fix pure-Python implementation of datetime.time.fromisoformat() to reject times with spaces in fractional part (for example, 12:34:56.400 +02:00), matching the C implementation. Patch by Michał Gorny.
• gh-130637: Add validation for numeric response data in poplib.POP3.stat() method
• gh-130461: Remove .. index:: directives from the uuid module documentation. These directives previously created entries in the general index for getnode() as well as the uuid1(), uuid3(), uuid4(), and uuid5() constructor functions.
• gh-130285: Fix corner case for random.sample() allowing the counts parameter to specify an empty population. So now, sample([], 0, counts=[]) and sample('abc', k=0, counts=[0, 0, 0]) both give the same result as sample([], 0).
• gh-130250: Fix regression in traceback.print_last().
• gh-118761: Reverts a change in the previous release attempting to make some stdlib imports used within the subprocess module lazy as this was causing errors during del finalizers calling methods such as terminate, or kill, or send_signal.
• gh-130164: Fixed failure to raise TypeError in inspect.Signature.bind() for positional-only arguments provided by keyword when a variadic keyword argument (e.g. **kwargs) is present.
• gh-130151: Fix reference leaks in _hashlib.hmac_new() and _hashlib.hmac_digest(). Patch by Bénédikt Tran.
• gh-129726: Fix gzip.GzipFile raising an unraisable exception during garbage collection when referring to a temporary object by breaking the reference loop with weakref.
• gh-129583: Update bundled pip to 25.0.1
• gh-97850: Update the deprecation warning of importlib.abc.Loader.load_module().
• gh-129603: Fix bugs where sqlite3.Row objects could segfault if their inherited description was set to None. Patch by Erlend Aasland.
• gh-117779: Fix reading duplicated entries in zipfile by name. Reading duplicated entries (except the last one) by ZipInfo now emits a warning instead of raising an exception.
• gh-128772: Fix pydoc for methods with the module attribute equal to None.
• gh-92897: Scheduled the deprecation of the check_home argument of sysconfig.is_python_build() to Python 3.15.
• gh-128703: Fix mimetypes.guess_type() to use default mapping for empty Content-Type in registry.
• gh-126037: xml.etree.ElementTree: Fix a crash in Element.find, Element.findtext and Element.findall when the tag to find implements an eq() method mutating the element being queried. Patch by Bénédikt Tran.
• gh-127712: Fix handling of the secure argument of logging.handlers.SMTPHandler.
• gh-126033: xml.etree.ElementTree: Fix a crash in Element.remove when the element is concurrently mutated. Patch by Bénédikt Tran.
• gh-125553: Fix round-trip invariance for backslash continuations in tokenize.untokenize().
• gh-101137: Mime type text/x-rst is now supported by mimetypes.
• gh-113238: Add Anchor to importlib.resources (in order for the code to comply with the documentation)
• gh-89039: When replace() method is called on a subclass of datetime, date or time, properly call derived constructor. Previously, only the base class’s constructor was called. Also, make sure to pass non-zero fold values when creating subclasses in various methods. Previously, fold was silently ignored. IDLE
• gh-129873: Simplify displaying the IDLE doc by only copying the text section of idle.html to idlelib/help.html. Patch by Stan Ulbrych. Documentation
• gh-131417: Mention asyncio.Future and asyncio.Task in generic classes list.
• gh-125722: Require Sphinx 8.2.0 or later to build the Python documentation. Patch by Adam Turner.
• gh-129712: The wheel tags supported by each macOS universal SDK option are now documented.
• gh-46236: C API: Document PyUnicode_RSplit(), PyUnicode_Partition() and PyUnicode_RPartition(). Core and Builtins
• gh-131670: Fix anext() failing on sync anext() raising an exception.
• gh-130809: Fixed an issue where _PyFrame_LocalsToFast tries to write module level values to hidden fasts.
• gh-130775: Do not crash on negative column and end_column in ast locations.
• gh-130618: Fix a bug that was causing UnicodeDecodeError or SystemError to be raised when using f-strings with lambda expressions with non-ASCII characters. Patch by Pablo Galindo
• gh-130163: Fix possible crashes related to concurrent change and use of the sys module attributes.
• gh-88887: Fixing multiprocessing Resource Tracker process leaking, usually observed when running Python as PID 1.
• gh-116042: Fix location for SyntaxErrors of invalid escapes in the tokenizer. Patch by Pablo Galindo
• gh-128632: Disallow classdict as the name of a type parameter. Using this name would previously crash the interpreter in some circumstances.
• gh-125331: from future import barry_as_FLUFL now works in more contexts, including when it is used in files, with the -c flag, and in the REPL when there are multiple statements on the same line. Previously, it worked only on subsequent lines in the REPL, and when the appropriate flags were passed directly to compile(). Patch by Pablo Galindo.
• gh-107526: Revert converting vars, dir, next, getattr, and iter to argument clinic.
• gh-107674: Fixed performance regression in sys.settrace. C API
• gh-131740: Update PyUnstable_GC_VisitObjects to traverse perm gen. Build
• gh-131865: The DTrace build now properly passes the CC and CFLAGS variables to the dtrace command when utilizing SystemTap on Linux.
• gh-130740: Ensure that Python.h is included before stdbool.h unless pyconfig.h is included before or in some platform-specific contexts.
• gh-129838: Don’t redefine _Py_NO_SANITIZE_UNDEFINED when compiling with a recent GCC version and undefined sanitizer enabled.
• gh-129660: Drop test_embed from PGO training, whose contribution in recent versions is considered to be ignorable.