The Python Software Foundation (PSF) has rushed out Python 3.9.2 and 3.8.8 to address two notable security flaws, including one that is remotely exploitable in theory but in practical terms can only be used to knock a machine offline.
PSF is urging its legion of Python users to upgrade systems to Python 3.8.8 or 3.9.2, in particular to address the flaw tracked as CVE-2021-3177, which is classed as a potential remote code execution (RCE) vulnerability even though a crash, and therefore a denial of service, is the realistic outcome.
The project expedited the final releases after receiving unexpected pressure from users who were concerned about the security flaw and did not want to wait for the normal release schedule.
“Since the announcement of the release candidates for 3.9.2 and 3.8.8, we received a number of inquiries from end users urging us to expedite the final releases due to the security content, especially CVE-2021-3177,” said the Python release team.
“This took us somewhat by surprise since we believed security content is cherry-picked by downstream distributors from source either way, and the RC releases provide installers for everybody else interested in upgrading in the meantime,” PSF said.
“It turns out that release candidates are mostly invisible to the community and in many cases cannot be used due to upgrade processes which users have in place.”
Python 3.x through to 3.9.1 has a