Python news wrap-up for September 2022
TensorStore, software supply chain vulnerabilities, bug fixes, and more!
Hello Grokking Python readers, and happy Thursday!
As many of you probably know, Python is a rapidly growing programming language. It's used by major companies all over the world, and its popularity seems to be increasing every day.
Because of this, there are always new updates and developments related to Python. And in today's edition, we're going to take a look at some of the most recent news and updates.
So, without further ado, here are some recent news and updates related to Python!
Google releases new Python API: TensorStore
TensorStore is a new open-source storage library from Google that makes it easy to work with large, multi-dimensional data sets.
Here are the highlights of TensorStore:
Provides a uniform API for reading and writing multiple array formats, including zarr, N5, and Neuroglancer precomputed.
Natively supports multiple storage drivers, including Google Cloud Storage, local and network filesystems, and in-memory storage.
Supports read/writeback caching and transactions, with strong atomicity, consistency, isolation, and durability (ACID) guarantees.
Supports safe, efficient access from multiple processes and machines via optimistic concurrency.
High-performance implementation in C++ automatically takes advantage of multiple cores for encoding/decoding and performs multiple concurrent I/O operations to saturate network bandwidth.
Asynchronous API enables high-throughput access even to high-latency remote storage.
Advanced, fully composable indexing operations and virtual views.
Unpatched for 15 years: Python vulnerability comes back into the spotlight
In a recent blog post, Trellix, a privately held cybersecurity company, reported that its research into a longstanding security flaw in a Python module revealed a substantial attack surface for software supply chains.
CVE-2007-4559 was reported to the Python project in 2007 and describes the tarfile module's failure to check extracted member paths for path traversal. Because it was never patched, the vulnerability has since been unintentionally carried into hundreds of thousands of open- and closed-source projects worldwide. The affected open-source repositories span a number of industry verticals, such as software development, artificial intelligence/machine learning, web development, media, security, and IT management.
"While investigating an unrelated vulnerability, our team stumbled across this issue present in an enterprise device. Initially, we thought we had found a new zero-day vulnerability. As we dug into the issue, we realized this was actually CVE-2007-4559. While the vulnerability was originally only marked as a 6.8, we were able to confirm that in most cases an attacker can gain code execution from an arbitrary file write."
Douglas McKee
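As an added illustration (not code from the Trellix post or the newsletter), here is the kind of pre-extraction check that closes the gap described above: every member's destination, and every link target, is resolved against the extraction root before tarfile.extractall is called. The archive is constructed in memory and the function names are ours.

```python
import io
import os
import tarfile
import tempfile

# Constructed sample archive (not a real artefact): a benign member plus, if requested, the
# CVE-2007-4559 member kinds: "../" traversal, an absolute path, a symlink pointing outside.
def build_sample_tar(malicious: bool = True) -> bytes:
    members = [("docs/readme.txt", b"benign")]
    if malicious:
        members += [("../escape.txt", b"traversal"), ("/etc/escape.txt", b"absolute")]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in members:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        if malicious:
            link = tarfile.TarInfo("docs/link")
            link.type, link.linkname = tarfile.SYMTYPE, "../../outside"
            tar.addfile(link)
    return buf.getvalue()

def _inside(root: str, relpath: str) -> bool:
    # realpath() collapses "..", and os.path.join() drops root when relpath is absolute
    root = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root, relpath))
    return target == root or target.startswith(root + os.sep)

def unsafe_members(data: bytes, dest: str) -> list:
    """Names of members that would be written, or would point, outside dest."""
    bad = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        for m in tar.getmembers():
            if not _inside(dest, m.name):
                bad.append(m.name)
            elif m.issym() or m.islnk():
                base = os.path.dirname(m.name) if m.issym() else ""  # symlinks resolve from their own directory
                if not _inside(dest, os.path.join(base, m.linkname)):
                    bad.append(m.name)
    return bad

def safe_extractall(data: bytes, dest: str = None) -> list:
    """Extract (into a fresh temp dir if dest is None) only after every member passes the check."""
    dest = dest or tempfile.mkdtemp()
    if bad := unsafe_members(data, dest):
        raise ValueError(f"refusing to extract; unsafe members: {bad}")
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}  # PEP 706 filter, where available
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        tar.extractall(dest, **kwargs)
        return [m.name for m in tar.getmembers()]
```

Interpreters that ship PEP 706 (Python 3.12, and the 3.8 through 3.11 security backports) can get the same protection from `extractall(..., filter="data")` alone; the explicit check above works on any version.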
Python 3.11.0rc2 is now available!
This is the last preview release before the final release of Python 3.11.0 on Oct. 24. You can find the full Python 3.11 release schedule in PEP 664.
If you're a core developer who has submitted changes, be sure to confirm that your changes are properly documented.
If you maintain any third-party Python projects, this is the time for you to check for any compatibility issues with Python 3.11.
Major new features of Python 3.11
PEP 657 – Include Fine-Grained Error Locations in Tracebacks
PEP 654 – Exception Groups and except*
PEP 673 – Self Type
PEP 646 – Variadic Generics
PEP 680 – tomllib: Support for Parsing TOML in the Standard Library
PEP 675 – Arbitrary Literal String Type
PEP 655 – Marking individual TypedDict items as required or potentially-missing
bpo-46752 – Introduce task groups to asyncio
PEP 681 – Data Class Transforms
bpo-433030 – Atomic grouping ((?>…)) and possessive quantifiers (*+, ++, ?+, {m,n}+) are now supported in regular expressions.
The Faster CPython project is already yielding some exciting results. Python 3.11 is up to 10-60% faster than Python 3.10. On average, a 1.22x speedup on the standard benchmark suite was measured. See Faster CPython for details.
Python releases a bugfix for 3.10.7 and security fixes for 3.9.14, 3.8.14, and 3.7.14
3.10.7
Python 3.10.7, the most recent bugfix version of Python, was released outside of the usual update cycle to address CVE-2020-10735, resulting in a smaller number of changes than 3.10.6 (200 commits), or even 3.9.7 (187 commits) from a year ago at the same point in the release cycle. Nonetheless, with over 100 modifications in this release, it's worth taking a look at the change log to see what's new and improved since 3.10.6.
3.9.14, 3.8.14, and 3.7.14
To avoid potential denial of service (DoS) attacks (CVE-2020-10735), converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32, such as base 10 (decimal), now raises a ValueError if the number of digits in string form exceeds a certain limit.
To address this issue, security releases 3.9.14, 3.8.14, and 3.7.14 were published at the same time, along with other less urgent security fixes.
These updates contain numerous security fixes, so installing the update for your relevant Python version(s) is strongly recommended.
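The following added example (ours, not from the release notes) shows the new behaviour from a defender's side: how to detect whether the running interpreter carries the limit, which bases are exempt, and an application-level digit cap that gives equivalent protection for untrusted numeric input on interpreters that predate the fix. The 4300 default and the exempt bases are CPython's own; the function names are assumptions.

```python
import sys

# Conversions in these bases are linear-time and therefore exempt from the limit.
POWER_OF_TWO_BASES = {2, 4, 8, 16, 32}

def runtime_digit_limit():
    """CPython's active limit (0 means disabled), or None on interpreters without the fix."""
    getter = getattr(sys, "get_int_max_str_digits", None)
    return getter() if getter else None

def conversion_is_bounded(text: str, base: int = 10, max_digits: int = 4300) -> bool:
    """Pre-check applied before int(): count digits the way int() would see them."""
    if base in POWER_OF_TWO_BASES:
        return True
    digits = text.strip().lstrip("+-").replace("_", "")
    return len(digits) <= max_digits

def parse_untrusted_int(text: str, base: int = 10, max_digits: int = 4300) -> int:
    """Convert untrusted input under our own cap, independent of the interpreter's limit."""
    if not conversion_is_bounded(text, base, max_digits):
        raise ValueError(f"refusing conversion: more than {max_digits} digits in base {base}")
    return int(text, base)

def runtime_rejects_int(n_digits: int, base: int = 10) -> bool:
    """Does this interpreter refuse str -> int for an n_digits-long string in this base?"""
    try:
        int("1" * n_digits, base)
    except ValueError:
        return True
    return False

def runtime_rejects_str(n_digits: int) -> bool:
    """Does this interpreter refuse int -> str for a value with n_digits decimal digits?"""
    try:
        str(10 ** (n_digits - 1))  # the power itself is cheap; only the decimal rendering is limited
    except ValueError:
        return True
    return False
```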
PyCharm 2022.2.2 is out!
PyCharm 2022.2 was a major release that brought lots of new features and improvements, including support for Python 3.11, an improved HTTP client, and enhancements to the UX. (The full list of changes in the version can be found in the release notes.)
PyCharm 2022.2.2, the second bug-fix update for the major release, includes big improvements for Python dataclass support. Read more on the PyCharm blog.
2022 Django Developers Survey is now available
The 2022 Django Developers Survey is now available! This survey aims to collect data about the Django community and show how different developers use Django in their work.
The survey will run until Oct. 21. If you use Django, consider taking the survey to have a direct impact on future technical and community decisions.
That's all for today! We hope you’ve enjoyed this roundup of recent news and updates related to Python. We’ll be back next month with another recap, so stay tuned.