Python 3.13.4, 3.12.11, 3.11.13, 3.10.18 and 3.9.23 are now available

via Python Blog, Thomas Wouters (noreply@blogger.com)

Python Release Party

It was only meant to be release day for 3.13.4 today, but poor number 13 looked so lonely… And hey, we had a couple of tarfile CVEs that we had to fix. So most of the Release Managers and all the Developers-in-Residence (including Security Developer-in-Residence Seth Michael Larson) came together to make it a full release party.

Security content in these releases

gh-135034: Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links. Addresses CVE 2024-12718, CVE 2025-4138, CVE 2025-4330, and CVE 2025-4517.

gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-“strict” error handler.

gh-128840: Short-circuit the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service.

In addition to the security fixes mentioned above, a few additional changes to the ipaddress were backported to make the
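For the tarfile fixes listed under "Security content in these releases", the following added example (not code from the Python Blog post or from CPython) checks whether an interpreter is at or past the fixed release of its series and pre-screens an archive for link members whose declared target leaves the archive root. The function names and the in-memory sample archive are constructed for illustration.

```python
import io
import posixpath
import sys
import tarfile

# First fixed micro release per minor series, as listed in this announcement.
FIXED_IN = {(3, 9): 23, (3, 10): 18, (3, 11): 13, (3, 12): 11, (3, 13): 4}

def has_tarfile_fixes(version=sys.version_info):
    """True/False for a series named in the announcement, None for any other."""
    minimum = FIXED_IN.get((version[0], version[1]))
    return None if minimum is None else version[2] >= minimum

def escaping_links(fileobj):
    """Names of symlink/hard link members whose target leaves the archive root."""
    flagged = []
    with tarfile.open(fileobj=fileobj) as tar:
        for member in tar.getmembers():
            if not (member.issym() or member.islnk()):
                continue
            target = member.linkname
            # Symlink targets are relative to the link's own directory;
            # hard link targets are relative to the archive root.
            base = posixpath.dirname(member.name) if member.issym() else ""
            resolved = posixpath.normpath(posixpath.join(base, target))
            if (posixpath.isabs(target) or resolved == ".."
                    or resolved.startswith("../")):
                flagged.append(member.name)
    return flagged

def build_sample():
    """Constructed archive: one file, one benign link, one escaping link."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        data = b"hello\n"
        info = tarfile.TarInfo("pkg/readme.txt")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
        for name, target in (("pkg/latest", "readme.txt"),
                             ("pkg/out", "../../outside")):
            link = tarfile.TarInfo(name)
            link.type = tarfile.SYMTYPE
            link.linkname = target
            tar.addfile(link)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print("tarfile fixes present:", has_tarfile_fixes())
    print("links leaving the archive root:", escaping_links(build_sample()))
```

This is a lexical pre-screen of declared link targets only; it does not replace upgrading to one of the fixed releases.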
