Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #72387
| From | Benjamin Peterson <benjamin@python.org> |
|---|---|
| Subject | [RELEASE] Python 2.7.7 |
| Date | 2014-06-01 16:02 -0700 |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.10532.1401663726.18130.python-list@python.org> (permalink) |
I'm happy to announce the immediate availability of Python 2.7.7. Python
2.7.7 is a regularly scheduled bugfix release for the Python 2.7 series.
This release includes months of accumulated bugfixes. All the changes in
Python 2.7.7 are described in detail in the Misc/NEWS file of the source
tarball. You can view it online at
http://hg.python.org/cpython/raw-file/f89216059edf/Misc/NEWS
The 2.7.7 release also contains fixes for two severe, if arcane,
potential security vulnerabilities. The first was the possibility of
reading arbitrary process memory using JSONDecoder.raw_decode. [1] (No
other json APIs are affected.) The second security issue is an integer
overflow in the strop module. [2] (You actually have no reason
whatsoever to use the strop module.) Another security note for 2.7.7 is
that the release includes a backport from Python 3 of
hmac.compare_digest. This begins the implementation of PEP 466, Network
Security Enhancements for Python 2.7.x.
Downloads are at
https://python.org/download/releases/2.7.7/
This is a production release. As always, please report bugs to
http://bugs.python.org/
Build great things,
Benjamin Peterson
2.7 Release Manager
(on behalf of all of Python's contributors)
[1] http://bugs.python.org/issue21529
[2] http://bugs.python.org/issue21530
Back to comp.lang.python | Previous | Next | Find similar | Unroll thread
[RELEASE] Python 2.7.7 Benjamin Peterson <benjamin@python.org> - 2014-06-01 16:02 -0700
csiph-web