Python 3.8.17

Author: ambv

Include/patchlevel.h

@@ -18,12 +18,12 @@
 /*--start constants--*/
 #define PY_MAJOR_VERSION        3
 #define PY_MINOR_VERSION        8
-#define PY_MICRO_VERSION        16
+#define PY_MICRO_VERSION        17
 #define PY_RELEASE_LEVEL        PY_RELEASE_LEVEL_FINAL
 #define PY_RELEASE_SERIAL       0
 
 /* Version as a string */
-#define PY_VERSION              "3.8.16+"
+#define PY_VERSION              "3.8.17"
 /*--end constants--*/
 
 /* Version as a single 4-byte hex number, e.g. 0x010502B2 == 1.5.2b2.

Misc/NEWS.d/3.8.17.rst

@@ -0,0 +1,121 @@
+.. date: 2023-06-01-03-24-58
+.. gh-issue: 103142
+.. nonce: GLWDMX
+.. release date: 2023-06-06
+.. section: Security
+
+The version of OpenSSL used in our binary builds has been upgraded to 1.1.1u
+to address several CVEs.
+
+..
+
+.. date: 2023-05-02-17-56-32
+.. gh-issue: 99889
+.. nonce: l664SU
+.. section: Security
+
+Fixed a security in flaw in :func:`uu.decode` that could allow for directory
+traversal based on the input if no ``out_file`` was specified.
+
+..
+
+.. date: 2023-05-01-15-03-25
+.. gh-issue: 104049
+.. nonce: b01Y3g
+.. section: Security
+
+Do not expose the local on-disk location in directory indexes produced by
+:class:`http.client.SimpleHTTPRequestHandler`.
+
+..
+
+.. date: 2023-03-07-20-59-17
+.. gh-issue: 102153
+.. nonce: 14CLSZ
+.. section: Security
+
+:func:`urllib.parse.urlsplit` now strips leading C0 control and space
+characters following the specification for URLs defined by WHATWG in
+response to CVE-2023-24329. Patch by Illia Volochii.
+
+..
+
+.. date: 2023-02-08-22-03-04
+.. gh-issue: 101727
+.. nonce: 9P5eZz
+.. section: Security
+
+Updated the OpenSSL version used in Windows and macOS binary release builds
+to 1.1.1t to address CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per
+`the OpenSSL 2023-02-07 security advisory
+<https://www.openssl.org/news/secadv/20230207.txt>`_.
+
+..
+
+.. date: 2023-01-24-16-12-00
+.. gh-issue: 101283
+.. nonce: 9tqu39
+.. section: Security
+
+:class:`subprocess.Popen` now uses a safer approach to find ``cmd.exe`` when
+launching with ``shell=True``. Patch by Eryk Sun, based on a patch by Oleg
+Iarygin.
+
+..
+
+.. date: 2023-04-27-20-03-08
+.. gh-issue: 103935
+.. nonce: Uaf2M0
+.. section: Library
+
+Use :func:`io.open_code` for files to be executed instead of raw
+:func:`open`
+
+..
+
+.. date: 2023-03-23-15-24-38
+.. gh-issue: 102953
+.. nonce: YR4KaK
+.. section: Library
+
+The extraction methods in :mod:`tarfile`, and :func:`shutil.unpack_archive`,
+have a new a *filter* argument that allows limiting tar features than may be
+surprising or dangerous, such as creating files outside the destination
+directory. See :ref:`tarfile-extraction-filter` for details.
+
+..
+
+.. date: 2023-02-17-18-44-27
+.. gh-issue: 101997
+.. nonce: A6_blD
+.. section: Library
+
+Upgrade pip wheel bundled with ensurepip (pip 23.0.1)
+
+..
+
+.. date: 2023-02-27-18-55-32
+.. gh-issue: 102306
+.. nonce: bkokFL
+.. section: Build
+
+[3.8] Avoid GHA CI macOS test_posix failure by using the appropriate macOS
+SDK.
+
+..
+
+.. date: 2023-01-09-23-03-57
+.. gh-issue: 100180
+.. nonce: b5phrg
+.. section: Windows
+
+Update Windows installer to OpenSSL 1.1.1s
+
+..
+
+.. date: 2023-05-30-23-30-46
+.. gh-issue: 103142
+.. nonce: 55lMXQ
+.. section: macOS
+
+Update macOS installer to use OpenSSL 1.1.1u.

Misc/NEWS.d/next/Build/2023-02-27-18-55-32.gh-issue-102306.bkokFL.rst

@@ -1,4 +1,4 @@
-This is Python version 3.8.16
+This is Python version 3.8.17
 =============================
 
 .. image:: https://travis-ci.org/python/cpython.svg?branch=3.8