
[python] Bump Python to 3.14.4 #43

Merged
hayat01sh1da merged 1 commit into master from hayat01sh1da/python/bump-python-to-3.14.4
Apr 10, 2026


@hayat01sh1da hayat01sh1da commented Apr 10, 2026

0. Summary of Changes

Release date: April 7, 2026
Scope: ~337 bugfixes, build improvements, and documentation changes

1. Security

| CVE | Issue | Description |
|---|---|---|
| CVE-2026-4224 | gh-145986 | Fix crash from unbounded C recursion in xml.parsers.expat when converting deeply nested XML content models with ElementDeclHandler |
| CVE-2026-3644 | gh-145599 | Reject control characters in http.cookies.Morsel.update() and BaseCookie.js_output() |
| CVE-2026-2297 | gh-145506 | Ensure SourcelessFileLoader uses io.open_code when opening .pyc files |
| | gh-144370 | Disallow control characters in status in wsgiref.handlers to prevent HTTP header injection |
| | gh-143930 | Reject leading dashes in URLs passed to webbrowser.open() |

2. Core and Builtins

2-1. Crash / Memory Safety Fixes

  • gh-148157: Fix crash when parsing invalid type comments for function parameters (OSS-Fuzz)
  • gh-146615: Fix crash in __get__ for METH_METHOD descriptors with invalid second argument
  • gh-145783: Fix unlikely parser crash when errors were not propagated (OSS-Fuzz)
  • gh-145792: Fix out-of-bounds access invoking faulthandler without VLA support
  • gh-145701: Fix SystemError when __classdict__ or __conditional_annotations__ is in a class-scope inlined comprehension (OSS-Fuzz)
  • gh-145335: Fix crash in os.pathconf when called with -1
  • gh-145234: Fix SystemError in parser when encoding cookie decodes to carriage returns
  • gh-145142: Fix crash in free-threaded build when str.maketrans dict is concurrently modified
  • gh-144872: Fix heap buffer overflow in the parser (OSS-Fuzz)
  • gh-144766: Fix crash in fork child process when perf support is enabled
  • gh-144759: Fix undefined behavior in lexer with NULL pointer arithmetic
  • gh-144601: Fix crash when importing a module whose PyInit function raises an exception from a subinterpreter
  • gh-143636: Fix crash when calling SimpleNamespace.__replace__() on non-namespace instances
  • gh-140594: Fix out-of-bounds read when a single NUL character is read from stdin
  • gh-146056: Fix repr() for lists and tuples containing NULLs

2-2. Free-Threaded Build Improvements

  • gh-148144: Initialize _PyInterpreterFrame.visited when copying frames so incremental GC doesn't read uninitialized bytes
  • gh-146041: Fix scaling bottleneck in sys.intern and PyObject_SetAttr by avoiding interpreter-wide lock
  • gh-145779: Improve scaling of classmethod and staticmethod calls
  • gh-145685: Improve scaling of type attribute lookups by avoiding contention on internal type lock
  • gh-145713: Make bytearray.resize thread-safe using critical sections
  • gh-145615: Fix memory leak where mimalloc pages became permanently unreclaimable
  • gh-145566: Skip stop-the-world pause when reassigning __class__ on newly created objects
  • gh-145036: Fix race condition in list.__sizeof__
  • gh-144513: Fix potential deadlock using critical sections during stop-the-world pauses
  • gh-144446: Fix data races when reading frame object attributes while another thread executes the frame
  • gh-144438: Align QSBR thread state array to 64-byte cache line boundary to avoid false sharing
  • gh-143650: Fix race condition in importlib where a thread could receive a stale module reference

2-3. Other Core Fixes

  • gh-146308: Fix error handling issues in _remote_debugging module
  • gh-146128: Fix bug causing constant values to be partially corrupted in AArch64 JIT code
  • gh-146250: Fix memory leak in SyntaxError when re-initializing
  • gh-146245: Fix reference leaks in socket when audit hooks raise exceptions
  • gh-146196: Fix potential UB in PyUnicodeWriter_WriteASCII by adding zero-length check
  • gh-146227: Fix wrong type in _Py_atomic_load_uint16 (C11 atomics backend)
  • gh-146092: Handle memory allocation failures on str and float opcodes
  • gh-145990: Sort python --help-env and python --help-xoptions output
  • gh-145376: Fix GC tracking in structseq.__replace__() and reference leaks in error scenarios
  • gh-142183: Avoid pathological slowdown from repeated calls at a specific stack depth
  • gh-145187: Fix assertion fail when type parameter bound contains invalid expression in conditional block
  • gh-144563: Fix Tachyon profiler interaction with ctypes and modules loading Python shared library
  • gh-130555: Fix use-after-free in dict.clear with embedded values and re-entrant mutation
  • gh-130327: Fix erroneous clearing of __dict__ if overwritten at runtime
  • gh-141732: Ensure __repr__ for ExceptionGroup is not affected by subsequent mutation of original sequence
  • gh-91636: Clear weakrefs to unreachable objects created during GC finalizer execution
  • gh-80667: \N{name} escape syntax now supports CJK ideographs and Hangul syllables with case-insensitive names

3. Library

3-1. Regression Fix

  • gh-144503: Fix regression from 3.14.3 where multiprocessing forkserver would fail with BrokenPipeError when parent has very large sys.argv

3-2. Crash Fixes

  • gh-146613: Fix crash in itertools.groupby when grouper iterator is concurrently mutated
  • gh-146080: Fix ssl crash when SNI callback uses garbage-collected SSL object
  • gh-146090: Fix sqlite3 crash when create_collation fails with SQLITE_BUSY; fix MemoryError vs SystemError in context callback allocation
  • gh-145623: Fix crash in struct calling repr() or __sizeof__() on uninitialized Struct object
  • gh-145301: Fix crashes in hmac and hashlib when C extension module initialization fails
  • gh-144984: Fix crash in xml.parsers.expat.ExternalEntityParserCreate on allocation failure
  • gh-144833: Fix use-after-free in ssl when SSL_new() returns NULL
  • gh-143637: Fix crash in socket.sendmsg() from re-entrant ancillary data mutation
  • gh-143543: Fix crash in itertools.groupby from re-entrant __eq__ during key comparison
  • gh-140652: Fix crash in _interpchannels.list_all after closing a channel
  • gh-142781: Fix zoneinfo.ZoneInfo crash when internal class-level cache is inconsistent
  • gh-142787: Fix sqlite3 assertion failure in blob subscript with empty slices

3-3. Security-Related Library Fixes

  • gh-145883: Fix heap buffer overflow reads from malformed TZif data in zoneinfo (OSS-Fuzz)
  • gh-146310: ensurepip no longer looks for pip-*.whl in the current directory
  • gh-146083: Update bundled libexpat to 2.7.5
  • gh-144363: Update bundled libexpat to 2.7.4

3-4. Free-Threaded Build Library Fixes

  • gh-144777: Fix data races in io.IncrementalNewlineDecoder
  • gh-144809: Make collections.deque copy atomic
  • gh-144494: Fix performance regression in asyncio.all_tasks
  • gh-145446: Make functools.partial safer with keywords

3-5. Other Notable Library Fixes

  • gh-146556: Fix annotationlib.get_annotations hanging on circular __wrapped__ chains
  • gh-145633: Fix struct.pack('f', float) to use PyFloat_Pack4 and raise OverflowError
  • gh-146076: Fix zoneinfo crashes when deleting _weak_cache from a subclass
  • gh-146054: Limit size of encodings.search_function cache (OSS-Fuzz)
  • gh-146004: All -X options now propagated to child processes spawned by multiprocessing
  • gh-145754: Fix mock autospec with FORWARDREF annotation format
  • gh-145750: Avoid UB from signed integer overflow in struct format string parsing (OSS-Fuzz)
  • gh-145492: Fix infinite recursion in collections.defaultdict.__repr__ when self-referencing
  • gh-145616: Detect Android sysconfig ABI correctly on 32-bit ARM
  • gh-145551: Fix InvalidStateError when cancelling asyncio subprocesses
  • gh-145417: Fix venv preserving incorrect SELinux context for Activate.ps1
  • gh-145376: Fix double free and null pointer dereference in hashlib and hmac
  • gh-145264: Base64 decoder no longer ignores excess data after first padded quad (RFC 4648 conformance)
  • gh-145158: Avoid UB from signed integer overflow in struct format strings
  • gh-144986: Fix memory leak in atexit.register()
  • gh-88091: Fix unicodedata.decomposition for Hangul characters
  • gh-144782: Fix argparse.ArgumentParser to be pickleable
  • gh-144259: Fix inconsistent display of long multiline pasted content in the REPL
  • gh-144156: Fix email header folding with RFC 2047 encoded words
  • gh-66305: Fix hang on Windows in tempfile when directory is non-writable
  • gh-140814: multiprocessing.freeze_support() no longer sets default start method as side effect
  • gh-144475: Make repr() on functools.partial safer during concurrent attribute replacement
  • gh-144538: Bump bundled pip in ensurepip to 26.0.1
  • gh-144316: Fix crash in _remote_debugging
  • gh-143698: Allow scheduler and setpgroup to be None in os.posix_spawn; raise TypeError instead of SystemError
  • gh-142516: Fix ssl.SSLContext reference leaks
  • gh-143304: Fix ctypes.CDLL to honor the handle parameter on POSIX
  • gh-142763: Fix race condition between ZoneInfo creation and clear_cache()
  • gh-142352: Fix asyncio.StreamWriter.start_tls data loss when upgrading to TLS mid-stream
  • gh-141707: Don't change TarInfo type from AREGTYPE to DIRTYPE when parsing GNU long name headers
  • gh-139933: Improve AttributeError suggestions for classes with custom __dir__
  • gh-137335: Eliminate name conflicts for named pipes in multiprocessing and asyncio on Windows
  • gh-80667: Support lookup for Tangut Ideographs in unicodedata

4. Documentation

  • gh-126676: Expand argparse documentation for type=bool with demonstration of surprising behavior
  • gh-145649: Fix text wrapping in -X option descriptions in the python(1) man page
  • gh-145450: Document missing public wave.Wave_write getter methods
  • gh-136246: New "Improve this page" link in docs sidebar

5. Build

  • gh-146541: Android testbed can now be built for 32-bit ARM and x86 targets
  • gh-146498: iOS XCframework build: ensure libpython isn't included in installed app content
  • gh-146450: Android build script parity improvements
  • gh-146446: iOS XCframework clean target is now more selective for single architectures
  • gh-145801: Use -fprofile-update=atomic with GCC PGO to prevent .gcda corruption

6. Windows

  • gh-145307: Defer loading of psapi.dll until used by ctypes.util.dllist
  • gh-144551: Update bundled OpenSSL to 3.0.19
  • gh-140131: Fix REPL cursor position when module completion suggestion hits console width

7. macOS

  • gh-144551: Update macOS installer to use OpenSSL 3.0.19
  • gh-137586: Invoke osascript with absolute path in webbrowser and turtledemo

8. C API

  • gh-146056: PyUnicodeWriter_WriteRepr now supports NULL argument
  • gh-145010: Use GCC dialect alternatives for inline assembly in object.h for -masm=intel compatibility
  • gh-144981: Make PyUnstable_Code_SetExtra, PyUnstable_Code_GetExtra, and PyUnstable_Eval_RequestCodeExtraIndex thread-safe on free-threaded builds

9. Tests

  • gh-144418: Android testbed emulator RAM increased from 2 GB to 4 GB
  • gh-146202: Fix race condition in regrtest temp directory creation on Windows
  • gh-144739: Skip MemoryProtectionTest when compiled with older expat but tests run with newer

Source: Python 3.14.4 Release · Full Changelog
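
A baseline check for the component versions named in the notes above (Python 3.14.4, bundled libexpat 2.7.5, OpenSSL 3.0.19), added here as an example and not part of this pull request or of CPython. `BASELINE`, `observed_versions` and `below_baseline` are hypothetical names, and the check assumes that the version tuples the interpreter reports are an acceptable compliance signal.

```python
import ssl
import sys
from xml.parsers import expat

# Minimum versions taken from the release notes summarized above.
# The libexpat and OpenSSL floors describe the copies bundled with CPython;
# a build linked against system libraries may report a different branch or
# carry distro backports, so treat a gap there as a prompt to investigate.
BASELINE = {
    "python": (3, 14, 4),
    "libexpat": (2, 7, 5),   # gh-146083
    "openssl": (3, 0, 19),   # gh-144551 (Windows and macOS installers)
}


def observed_versions():
    """Collect the versions the running interpreter actually reports."""
    return {
        "python": tuple(sys.version_info[:3]),
        "libexpat": tuple(expat.version_info),
        "openssl": tuple(ssl.OPENSSL_VERSION_INFO[:3]),
    }


def below_baseline(observed, baseline=BASELINE):
    """Return {component: (observed, required)} for every component that is
    missing or older than the baseline; an empty dict means compliant."""
    gaps = {}
    for name, required in baseline.items():
        have = observed.get(name)
        if have is None or tuple(have) < required:
            gaps[name] = (have, required)
    return gaps


if __name__ == "__main__":
    gaps = below_baseline(observed_versions())
    for name, (have, need) in sorted(gaps.items()):
        print(f"{name}: found {have}, need >= {need}")
    # Non-zero exit lets a CI job fail when the interpreter lags the baseline.
    sys.exit(1 if gaps else 0)
```

Run as a script, it exits non-zero when any component is below the floor, which makes it usable as a CI step next to the `.python-version` pin.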

@hayat01sh1da hayat01sh1da requested a review from Copilot April 10, 2026 10:08
@hayat01sh1da hayat01sh1da self-assigned this Apr 10, 2026

Copilot AI left a comment


Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Updates the repository’s declared Python version to 3.14.4 across configuration and documentation.

Changes:

  • Bump .python-version from 3.14.3 to 3.14.4
  • Update Python version references in python/README.md and SECURITY.md

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

| File | Description |
|---|---|
| python/README.md | Updates the documented Python version in the environment section |
| SECURITY.md | Updates the security baseline table entry for Python exercises |
| .python-version | Updates the pinned Python interpreter version |



@hayat01sh1da hayat01sh1da left a comment


LGTM

@hayat01sh1da hayat01sh1da merged commit 6e25474 into master Apr 10, 2026
17 checks passed
@hayat01sh1da hayat01sh1da deleted the hayat01sh1da/python/bump-python-to-3.14.4 branch April 10, 2026 11:54