Python: Security Fixes and Site Module Updates
Python CPython received 16 merged pull requests on May 11, 2026, including critical security patches for tarfile and XML parsing, plus fixes for virtual environment site file handling.
Duration: PT2M12S
Episode overview
This episode is a short developer briefing from Python.
It explains recent repository work in plain language.
- Show: Python
- Published: 2026-05-11T10:01:03Z
- Audio duration: PT2M12S
Transcript excerpt
This excerpt keeps the crawler page concise. Listen to the episode or use the RSS feed for the full update.
Good morning, this is your Python developer briefing for May 11th, 2026.
Barry Warsaw merged a comprehensive fix for double evaluation of .pth and .site files in virtual environments, addressing issue 75723 with 122 lines of changes across the site module and test suite. This Python 3.15-specific fix implements PEP 829 requirements and should not be backported to earlier versions.
Multiple security patches were merged across Python versions. The tarfile module received critical updates to its data filter functionality, fixing vulnerabilities where crafted archives could create links pointing outside the destination directory. These patches were applied to versions 3.13, 3.14, and 3.15.
ByteFlow merged fixes for integer overflow issues in Expat's CharacterDataHandler, preventing potential core dumps when processing XML data. Stan Ulbrych enhanced XML security by implementing XML_SetHashSalt16Bytes in both pyexpat and _elementtree modules when available.
Michael Droettboom resolved rlcompleter failures when working with objects containing descriptors, particularly affecting Cython libraries where property-annotated methods could raise exceptions during autocompletion.
Sergey Kirpichev…
Nearby episodes from Python
- Security Updates and Documentation Improvements
- Security Patches and Site Module Fix
- Library Cleanup and Performance Improvements
- Threading Safety and Email Parser Fixes
- Profiling Fixes and AsyncIO Improvements
- Security Fixes and Performance Optimizations
- Version 3.16 Release Preparation
- Frame Pointer Fixes and PEP 788 Implementation