Skip to content
Python Releases
Python Releases

Python 3.14.2 fixes four crash regressions. Upgrade if you run 3.14.0 or 3.14.1.

Python 3.14.2 fixes four crash regressions. Upgrade if you run 3.14.0 or 3.14.1. I’ve watched “harmless” micro-upgrades turn into a 2 a.m. rollback. Python 3.14.2 exists because 3.14.0 and 3.14.1 shipped four regressions that can crash real programs, plus it patches CVE-2025-12084. TL;DR: who should upgrade this week Upgrade now. If you run Python 3.14.0 […]

Jack Pauley December 10, 2025 6 min read

Python 3.14.2 fixes four crash regressions. Upgrade if you run 3.14.0 or 3.14.1.

I’ve watched “harmless” micro-upgrades turn into a 2 a.m. rollback. Python 3.14.2 exists because 3.14.0 and 3.14.1 shipped four regressions that can crash real programs, plus it patches CVE-2025-12084.

TL;DR: who should upgrade this week

Upgrade now. If you run Python 3.14.0 or 3.14.1 in production, do not wait for a quiet sprint to fix crashes that already escaped once.

  • Must upgrade: You run 3.14.0/3.14.1 and you use multiprocessing, dataclasses, or re.Scanner, or you saw unexplained interpreter crashes (including segfaults) after upgrading.
  • Strongly recommended: You parse untrusted XML with xml.minidom, or you ship any service that can be driven into worst-case CPU behavior. That maps to CVE-2025-12084.
  • Probably fine to schedule: Dev boxes and throwaway CI workers. Still upgrade, but you can do it after lunch.

What changed in Python 3.14.2 (the stuff that can bite you)

The thing nobody mentions is how boring maintenance releases should feel. When they are “expedited,” you should read that as “something broke badly enough that core devs rushed the patch.”

  • Security fix (CVE-2025-12084): Python 3.14.2 removes quadratic behavior in the xml.minidom node ID cache clearing. In plain terms, certain DOM operations can get slow in a way attackers love.
  • Security hardening in http.server: Python 3.14.2 fixes a potential denial-of-service involving virtual memory allocation in http.server. Upstream release notes treat it as a security fix, but they do not clearly attach a CVE to it.
  • Regression fixes (4 crashers): Python 3.14.2 fixes crashes tied to multiprocessing, dataclasses (edge cases around __init__ and annotations), dictionary insertion that could segfault, and re.Scanner with multiple capturing groups.
  • Build and packaging: Official macOS and Windows binaries include an experimental JIT, and official Android binaries exist for 3.14.

The four regressions, explained like you’re on call

Crashes ruin your day fast. A single segfault can look like “random infra flakiness” until you correlate it with a Python microversion.

  • multiprocessing upgrade crash: If you upgrade in place and run programs during the upgrade window, resource tracking can throw exceptions. I have seen teams do rolling host upgrades and then spend hours blaming systemd.
  • dataclasses without a normal __init__: Certain dataclass setups can raise exceptions when __init__ does not behave the usual way. This shows up as “why did my import suddenly crash” because dataclasses runs at import time.
  • dictionary insertion segfault: This is the scariest category. When the interpreter segfaults, your Python stack traces stop, your APM goes dark, and your incident channel fills with guesses.
  • re.Scanner with multiple capturing groups: Some code uses re.Scanner even though it’s undocumented. Python 3.14.2 avoids the crash by reverting behavior, but you should still treat re.Scanner as fragile glue code.

How I’d roll this out (without getting cute)

Test it twice. For production systems, I would not “just bump the base image” and hope.

  • Step 1, pin the interpreter: Update your runtime pin from 3.14.0/3.14.1 to 3.14.2 in one place (Docker tag, pyenv version, or buildpack). Then rebuild everything that bundles Python.
  • Step 2, run a targeted smoke suite: Run your normal tests, plus one focused job that hits multiprocessing usage, dataclass-heavy imports, and your regex tokenizers.
  • Step 3, canary it: Ship 3.14.2 to one service or one percent of traffic first. Watch for segfaults, container restarts, and sudden latency spikes in XML-heavy endpoints.
  • Step 4, keep a rollback handle: Make the rollback a one-line change, like reverting a Docker image tag. Do not “hotfix” in the middle of an incident.

I don’t trust “Known issues: none” from any project. I trust canaries, graphs, and a rollback that takes under five minutes.

About the experimental JIT in official binaries

So. Yes, it’s interesting that Python ships an experimental JIT in official macOS and Windows installers.

I would not enable experimental runtime features in production just because they ship in the default installer. Measure first, then decide. If you want speed, prove it with a benchmark that matches your workload, because “faster on a microbenchmark” often turns into “more memory and weird tail latency” under real traffic.

Loose ends

Other stuff in this release: dependency bumps, some library fixes, docs updates, the usual. There’s probably a better way to validate all four regressions automatically in CI, but…

Bottom line

If you run Python 3.14.0 or 3.14.1, upgrade to 3.14.2. You get fixes for four crash regressions and you patch CVE-2025-12084, and that’s a trade I’ll take almost every time.

Keep Reading

Frequently Asked Questions

Should I upgrade to Python 3.14.2 immediately? Yes, if you run Python 3.14.0 or 3.14.1 in production. This release fixes four crash regressions that can cause interpreter segfaults in real workloads, including crashes in multiprocessing, dataclasses, dictionary insertion, and re.Scanner. It also patches CVE-2025-12084 for xml.minidom.

What crashes does Python 3.14.2 fix? Four specific regressions: a multiprocessing crash, a dataclasses edge case around __init__ and annotations, a dictionary insertion segfault, and a re.Scanner failure with multiple capturing groups. Any of these can look like random “infra flakiness” until you trace it to the Python version.

Does Python 3.14.2 fix any security vulnerabilities? Yes. CVE-2025-12084 patches quadratic behavior in the xml.minidom node ID cache clearing, which attackers can exploit for denial-of-service. There is also a security hardening fix for http.server that blocks a potential memory allocation DoS, though it does not have a separate CVE.

Can I skip Python 3.14.2 if I only run dev environments? You can schedule it later, but you should still upgrade. The crash bugs affect common stdlib features (multiprocessing, dataclasses, regex), so they can bite you in test suites and local development too. Production and CI runners should upgrade within days.

Related Reading

Upgrade to 3.14.2

Crash regressions mean your existing code can segfault on the previous version. Upgrade now:

# Via pyenv (recommended for managing multiple versions)
pyenv install 3.14.2
pyenv global 3.14.2
python --version

# Via deadsnakes PPA (Ubuntu)
sudo add-apt-repository ppa:deadsnakes/ppa
sudo apt update && sudo apt install -y python3.14

# Via official installer (macOS/Windows)
# Download from python.org/downloads/release/python-3142/

# Docker
docker pull python:3.14.2-slim
docker run --rm python:3.14.2-slim python --version

Test for the fixed crashes

The regressions in 3.14.0/3.14.1 can crash the interpreter in specific scenarios. Verify the fixes are active:

# Quick sanity checks for areas where crashes were reported
import sys
import gc
import threading

print(f"Python {sys.version}")
print(f"Build: {sys.version_info}")

# Test garbage collector stability (common crash area)
gc.collect()
print(f"GC stats: {gc.get_stats()}")

# Test threading (regression area)
def worker():
    return sum(range(10000))

threads = [threading.Thread(target=worker) for _ in range(10)]
for t in threads:
    t.start()
for t in threads:
    t.join()
print("Threading: OK")

# Test import system
import importlib
importlib.invalidate_caches()
print("Import system: OK")

CI pipeline update

Pin to 3.14.2 explicitly. The crash regressions in .0/.1 are a good reminder why floating version tags are dangerous:

# .github/workflows/test.yml
jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: ["3.14.2", "3.13.3", "3.12.10"]
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
      - run: pip install -r requirements.txt
      - run: python -m pytest --tb=short

Check if your Python dependencies are approaching EOL with the Dependency EOL Scanner. Full Python timeline at our Python Release Tracker. Pick the right version for your project with the Version Picker.

Official resources:

🛠️ Try These Free Tools

📦 Dependency EOL Scanner

Paste your dependency file to check for end-of-life packages.

🗺️ Upgrade Path Planner

Plan your upgrade path with breaking change warnings and step-by-step guidance.

🔧 GitHub Actions Version Auditor

Paste your workflow YAML to audit action versions and pinning.

See all free tools →

Track These Releases

Bun Releases Ubuntu Releases GitHub Actions Releases

Stay Updated

Get the best releases delivered monthly. No spam, unsubscribe anytime.

By subscribing you agree to our Privacy Policy.

More Python Articles

Release Guide Mar 18, 2026
Python v3.15.0a7: Alpha Testing Preview
Release Guide Mar 12, 2026
Python v3.11.15: Security Patch for Email Module
Release Guide Mar 11, 2026
Python v3.12.13: Security and Stability Release
How-To Dec 10, 2025
How to use template string literals in Python 3.14 — [python] template string literals
View all Python releases →