Python 2.7.15 released – the last 2.7 release

Python is an interpreted high-level programming language for general-purpose programming. Created by Guido van Rossum and first released in 1991, Python has a design philosophy that emphasizes code readability, notably using significant whitespace. It provides constructs that enable clear programming on both small and large scales.

Python features a dynamic type system and automatic memory management. It supports multiple programming paradigms, including object-oriented, imperative, functional and procedural, and has a large and comprehensive standard library.

Python interpreters are available for many operating systems. CPython, the reference implementation of Python, is open source software and has a community-based development model, as do nearly all of its variant implementations. CPython is managed by the non-profit Python Software Foundation. via_Wiki

Today, Python 2.7.15 released. This version fixes bugs and adds some new features.

*Release date: 2018-04-29*

Core and Builtins

– bpo-33374: Tweak the definition of PyGC_Head, so compilers do not believe
it is always 16-byte aligned on x86. This prevents crashes with more
aggressive optimizations present in GCC 8.

What’s New in Python 2.7.15 release candidate 1?

*Release date: 2018-04-14*


– bpo-32997: A regex in fpformat was vulnerable to catastrophic
backtracking. This regex was a potential DOS vector (REDOS). Based on
typical uses of fpformat the risk seems low. The regex has been refactored
and is now safe. Patch by Jamie Davis.

– bpo-32981: Regexes in difflib and poplib were vulnerable to catastrophic
backtracking. These regexes formed potential DOS vectors (REDOS). They
have been refactored. This resolves CVE-2018-1060 and CVE-2018-1061. Patch
by Jamie Davis.

– bpo-31339: Rewrite time.asctime() and time.ctime(). Backport and adapt the
_asctime() function from the master branch to not depend on the
implementation of asctime() and ctime() from the external C library. This
change fixes a bug when Python is run using the musl C library.

– bpo-30730: Prevent environment variables injection in subprocess on
Windows. Prevent passing other environment variables and command

– bpo-30694: Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes of multiple
security vulnerabilities including: CVE-2017-9233 (External entity
infinite loop DoS), CVE-2016-9063 (Integer overflow, re-fix),
CVE-2016-0718 (Fix regression bugs from 2.2.0’s fix to CVE-2016-0718) and
CVE-2012-0876 (Counter hash flooding with SipHash). Note: the
CVE-2016-5300 (Use os- specific entropy sources like getrandom) doesn’t
impact Python, since Python already gets entropy from the OS to set the
expat secret using “XML_SetHashSalt()“.