Python 2.7.15 released – the last 2.7 release

Python is an interpreted high-level programming language for general-purpose programming. Created by Guido van Rossum and first released in 1991, Python has a design philosophy that emphasizes code readability, notably using significant whitespace. It provides constructs that enable clear programming on both small and large scales.

Python features a dynamic type system and automatic memory management. It supports multiple programming paradigms, including object-oriented, imperative, functional and procedural, and has a large and comprehensive standard library.

Python interpreters are available for many operating systems. CPython, the reference implementation of Python, is open source software and has a community-based development model, as do nearly all of its variant implementations. CPython is managed by the non-profit Python Software Foundation. (via Wiki)

Today, Python 2.7.15 was released. This version fixes bugs and adds some new features.

*Release date: 2018-04-29*

Core and Builtins
-----------------

- bpo-33374: Tweak the definition of PyGC_Head, so compilers do not believe
  it is always 16-byte aligned on x86. This prevents crashes with more
  aggressive optimizations present in GCC 8.

What’s New in Python 2.7.15 release candidate 1?
================================================

*Release date: 2018-04-14*

Security
--------

- bpo-32997: A regex in fpformat was vulnerable to catastrophic
  backtracking. This regex was a potential DOS vector (REDOS). Based on
  typical uses of fpformat the risk seems low. The regex has been refactored
  and is now safe. Patch by Jamie Davis.

- bpo-32981: Regexes in difflib and poplib were vulnerable to catastrophic
  backtracking. These regexes formed potential DOS vectors (REDOS). They
  have been refactored. This resolves CVE-2018-1060 and CVE-2018-1061. Patch
  by Jamie Davis.

- bpo-31339: Rewrite time.asctime() and time.ctime(). Backport and adapt the
  _asctime() function from the master branch to not depend on the
  implementation of asctime() and ctime() from the external C library. This
  change fixes a bug when Python is run using the musl C library.

- bpo-30730: Prevent environment variables injection in subprocess on
  Windows. Prevent passing other environment variables and command
  arguments.

- bpo-30694: Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes of multiple
  security vulnerabilities including: CVE-2017-9233 (External entity
  infinite loop DoS), CVE-2016-9063 (Integer overflow, re-fix),
  CVE-2016-0718 (Fix regression bugs from 2.2.0’s fix to CVE-2016-0718) and
  CVE-2012-0876 (Counter hash flooding with SipHash). Note: the
  CVE-2016-5300 (Use os-specific entropy sources like getrandom) doesn’t
  impact Python, since Python already gets entropy from the OS to set the
  expat secret using ``XML_SetHashSalt()``.
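
The catastrophic-backtracking entries above (bpo-32997, bpo-32981) describe regexes that were refactored to accept the same input at lower cost. The following is an added example, not code from CPython or from this post: it checks that a refactored pattern gives the same verdicts as an ambiguous one and measures the cost difference. It runs on Python 3; the two patterns, the sample lines and the function names are constructed for illustration.

```python
import re
import time

# Constructed patterns (not from the page): both accept a line that is blank
# or holds a single '#' surrounded by optional whitespace.
AMBIGUOUS = re.compile(r"\s*#?\s*$")       # two \s* runs can split the same spaces
REFACTORED = re.compile(r"\s*(?:#\s*)?$")  # second \s* is reachable only after '#'

# Constructed sample lines used to confirm the refactor keeps the semantics.
SAMPLES = ["", "   ", "#", "  #  ", "\t#\n", "x", " # x", "##", "  a  "]


def same_verdicts(samples=SAMPLES):
    """True if both patterns agree (match / no match) on every sample."""
    return all(bool(AMBIGUOUS.match(s)) == bool(REFACTORED.match(s))
               for s in samples)


def match_seconds(pattern, n, repeats=3):
    """Best-of-N wall time for a failing match on n spaces plus one 'x'."""
    line = " " * n + "x"  # never matches, so every split of the spaces is tried
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        assert pattern.match(line) is None
        best = min(best, time.perf_counter() - start)
    return max(best, 1e-9)  # guard against a zero reading on coarse clocks


def slowdown(n=3000):
    """How many times slower the ambiguous pattern is at input length n."""
    return match_seconds(AMBIGUOUS, n) / match_seconds(REFACTORED, n)


if __name__ == "__main__":
    print("same verdicts:", same_verdicts())
    # Doubling n roughly quadruples the ambiguous time (quadratic) and
    # roughly doubles the refactored time (linear).
    for n in (500, 1000, 2000, 4000):
        print(n, "%.5f" % match_seconds(AMBIGUOUS, n),
              "%.5f" % match_seconds(REFACTORED, n))
```

The same pair of checks (equal verdicts, then timing at doubling input sizes) works as a regression test for any regex that is applied to untrusted input.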
