Python: Security Fixes and Import System Updates

Python developers merged 20 pull requests addressing critical security vulnerabilities including use-after-free bugs in JSON and pickle modules, plus significant changes to the lazy import system. Additional commits improved frozenset construction and fixed memory issues in threading tests.

2026-05-20T10:01:40Z

Duration: PT2M2S

Episode overview

This episode is a short developer briefing from Python.

It explains recent repository work in plain language.

Show: Python
Published: 2026-05-20T10:01:40Z
Audio duration: PT2M2S

Transcript excerpt

This excerpt keeps the crawler page concise. Listen to the episode or use the RSS feed for the full update.

Good morning, this is your Python development briefing for Tuesday, May 20th, 2026.

Yesterday saw significant security and stability improvements across the Python codebase. Pablo Galindo merged a major change removing the lazy_imports=none startup mode, affecting 18 files with over 148,000 lines of changes. This follows ongoing work on PEP 810's deferred import implementation.

Critical security fixes dominated the merge activity. Alexey Katsman resolved a use-after-free vulnerability in the pickle module's list handling, while Ashley merged backports to Python 3.13 and 3.14 fixing a similar use-after-free bug in the JSON encoder during re-entrant mutations. These fixes prevent potential…

Larry Hastings addressed a reference leak in queue.SimpleQueue.put when memory allocation fails, and Kirill Ignatev fixed a race condition in SSL's SNI callback handling. Additional stability improvements included Caleb's fix for ZipFile reproducible builds that eliminates dependency on local timezone information.

Sam Gross optimized memory usage in free-threading tests, reducing peak memory consumption from 850MB to 175MB by adjusting iteration parameters. Documentation updates improved clarity…

Nota…

Nearby episodes from Python

Weekly Recap - JIT Optimization & Performance Focus 2026-05-24T10:01:55Z
Pickle Threading Fixes and Memory Monitoring 2026-05-23T10:01:26Z
Library Bug Fixes and Documentation Updates 2026-05-22T10:01:27Z
Core Fixes and Performance Improvements 2026-05-21T10:02:02Z
Directory Permissions and Thread Safety Fixes 2026-05-19T10:01:42Z
Performance Optimizations and Security Fixes 2026-05-18T10:01:08Z
Security Fix and OpenSSL Updates 2026-05-17T10:03:56Z
Weekly Recap - Free-Threading Stability & Platform Compatibility 2026-05-17T10:01:43Z