3.7.10

Include/patchlevel.h

@@ -18,12 +18,12 @@
 /*--start constants--*/
 #define PY_MAJOR_VERSION        3
 #define PY_MINOR_VERSION        7
-#define PY_MICRO_VERSION        9
+#define PY_MICRO_VERSION        10
 #define PY_RELEASE_LEVEL        PY_RELEASE_LEVEL_FINAL
 #define PY_RELEASE_SERIAL       0
 
 /* Version as a string */
-#define PY_VERSION              "3.7.9+"
+#define PY_VERSION              "3.7.10"
 /*--end constants--*/
 
 /* Version as a single 4-byte hex number, e.g. 0x010502B2 == 1.5.2b2.

Lib/pydoc_data/topics.py

 # -*- coding: utf-8 -*-
-# Autogenerated by Sphinx on Sat Aug 15 01:12:49 2020
+# Autogenerated by Sphinx on Mon Feb 15 20:10:03 2021
 topics = {'assert': 'The "assert" statement\n'
            '**********************\n'
            '\n'

Misc/NEWS.d/3.7.10.rst

+.. bpo: 42967
+.. date: 2021-02-14-15-59-16
+.. nonce: YApqDS
+.. release date: 2021-02-15
+.. section: Security
+
+Fix web cache poisoning vulnerability by defaulting the query args separator
+to ``&``, and allowing the user to choose a custom separator.
+
+..
+
+.. bpo: 42938
+.. date: 2021-01-18-09-27-31
+.. nonce: 4Zn4Mp
+.. section: Security
+
+Avoid static buffers when computing the repr of :class:`ctypes.c_double` and
+:class:`ctypes.c_longdouble` values.
+
+..
+
+.. bpo: 42103
+.. date: 2020-10-23-19-19-30
+.. nonce: cILT66
+.. section: Security
+
+Prevented potential DoS attack via CPU and RAM exhaustion when processing
+malformed Apple Property List files in binary format.
+
+..
+
+.. bpo: 42051
+.. date: 2020-10-19-10-56-27
+.. nonce: EU_B7u
+.. section: Security
+
+The :mod:`plistlib` module no longer accepts entity declarations in XML
+plist files to avoid XML vulnerabilities. This should not affect users as
+entity declarations are not used in regular plist files.
+
+..
+
+.. bpo: 40791
+.. date: 2020-05-28-06-06-47
+.. nonce: QGZClX
+.. section: Security
+
+Add ``volatile`` to the accumulator variable in ``hmac.compare_digest``,
+making constant-time-defeating optimizations less likely.
+
+..
+
+.. bpo: 42103
+.. date: 2020-10-23-19-20-14
+.. nonce: C5obK2
+.. section: Library
+
+:exc:`~plistlib.InvalidFileException` and :exc:`RecursionError` are now the
+only errors caused by loading malformed binary Plist file (previously
+ValueError and TypeError could be raised in some specific cases).
+
+..
+
+.. bpo: 41976
+.. date: 2020-10-08-18-22-28
+.. nonce: Svm0wb
+.. section: Library
+
+Fixed a bug that was causing :func:`ctypes.util.find_library` to return
+``None`` when triying to locate a library in an environment when gcc>=9 is
+available and ``ldconfig`` is not. Patch by Pablo Galindo
+
+..
+
+.. bpo: 17140
+.. date: 2020-12-16-21-06-16
+.. nonce: 1leSEg
+.. section: Documentation
+
+Add documentation for the :class:`multiprocessing.pool.ThreadPool` class.
+
+..
+
+.. bpo: 42794
+.. date: 2021-01-01-08-52-36
+.. nonce: -7-XGz
+.. section: Tests
+
+Update test_nntplib to use offical group name of news.aioe.org for testing.
+Patch by Dong-hee Na.
+
+..
+
+.. bpo: 41944
+.. date: 2020-10-05-17-43-46
+.. nonce: rf1dYb
+.. section: Tests
+
+Tests for CJK codecs no longer call ``eval()`` on content received via HTTP.

Misc/NEWS.d/next/Documentation/2020-12-16-21-06-16.bpo-17140.1leSEg.rst

-Add documentation for the :class:`multiprocessing.pool.ThreadPool` class.

Misc/NEWS.d/next/Library/2020-10-08-18-22-28.bpo-41976.Svm0wb.rst

-Fixed a bug that was causing :func:`ctypes.util.find_library` to return
-``None`` when triying to locate a library in an environment when gcc>=9 is
-available and ``ldconfig`` is not. Patch by Pablo Galindo

Misc/NEWS.d/next/Library/2020-10-23-19-20-14.bpo-42103.C5obK2.rst

-:exc:`~plistlib.InvalidFileException` and :exc:`RecursionError` are now
-the only errors caused by loading malformed binary Plist file (previously
-ValueError and TypeError could be raised in some specific cases).

Misc/NEWS.d/next/Security/2020-05-28-06-06-47.bpo-40791.QGZClX.rst

-Add ``volatile`` to the accumulator variable in ``hmac.compare_digest``, making constant-time-defeating optimizations less likely.
\ No newline at end of file

Misc/NEWS.d/next/Security/2020-10-19-10-56-27.bpo-42051.EU_B7u.rst

-The :mod:`plistlib` module no longer accepts entity declarations in XML
-plist files to avoid XML vulnerabilities. This should not affect users as
-entity declarations are not used in regular plist files.

Misc/NEWS.d/next/Security/2020-10-23-19-19-30.bpo-42103.cILT66.rst

-Prevented potential DoS attack via CPU and RAM exhaustion when processing
-malformed Apple Property List files in binary format.

Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst

-Avoid static buffers when computing the repr of :class:`ctypes.c_double` and
-:class:`ctypes.c_longdouble` values.

Misc/NEWS.d/next/Security/2021-02-14-15-59-16.bpo-42967.YApqDS.rst

-Fix web cache poisoning vulnerability by defaulting the query args separator to ``&``, and allowing the user to choose a custom separator.

Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst

-Tests for CJK codecs no longer call ``eval()`` on content received via HTTP.

Misc/NEWS.d/next/Tests/2021-01-01-08-52-36.bpo-42794.-7-XGz.rst

-Update test_nntplib to use offical group name of news.aioe.org for testing.
-Patch by Dong-hee Na.

README.rst

-This is Python version 3.7.9+
+This is Python version 3.7.10
 =============================
 
 .. image:: https://travis-ci.org/python/cpython.svg?branch=3.7