Grokking Python

Python news wrap-up for September 2022

TensorStore, software supply chain vulnerabilities, bug fixes, and more!

Sep 29, 2022
Hello Grokking Python readers, and happy Thursday!

As many of you probably know, Python is a rapidly growing programming language. It's used by major companies all over the world, and its popularity seems to be increasing every day.

Because of this, there are always new updates and developments related to Python. And in today's edition, we're going to take a look at some of the most recent news and updates.

So, without further ado, here are some recent news and updates related to Python!

Google releases new Python API: TensorStore

TensorStore is a new open-source storage library from Google that makes it easy to work with large, multi-dimensional data sets.

Here are the highlights of TensorStore:

  • Provides a uniform API for reading and writing multiple array formats, including zarr, N5, and Neuroglancer precomputed.

  • Natively supports multiple storage drivers, including Google Cloud Storage, local and network filesystems, and in-memory storage.

  • Support for read/writeback caching and transactions, with strong atomicity, consistency, isolation, and durability (ACID) guarantees.

  • Supports safe, efficient access from multiple processes and machines via optimistic concurrency.

  • High-performance implementation in C++ automatically takes advantage of multiple cores for encoding/decoding and performs multiple concurrent I/O operations to saturate network bandwidth.

  • Asynchronous API enables high-throughput access even to high-latency remote storage.

  • Advanced, fully composable indexing operations and virtual views.

Unpatched for 15 years: Python vulnerability comes back into the spotlight

In a recent blog post, Trellix, a privately held cybersecurity company, stated that their research into a longstanding security flaw in a Python module revealed a substantially large attack surface for software supply chains.

CVE-2007-4559 was reported in 2007 to the Python project indicating that the tarfile module was not properly checking for path traversal vulnerabilities. Unpatched, this vulnerability has since been unintentionally added to hundreds of thousands of open- and closed-source projects worldwide. The open-source repositories span a number of industry verticals, such as software development, artificial intelligence/machine learning, web development, media, security, and IT management.

"While investigating an unrelated vulnerability our team stumbled across this issue present in an enterprise device. Initially, we thought we had found a new zero-day vulnerability. As we dug into the issue, we realized this was actually CVE-2007-4559. While the vulnerability was originally only marked as a 6.8, we were able to confirm that in most cases an attacker can gain code execution from an arbitrary file write."

Douglas McKee

Python 3.11.0rc2 is now available!

This is the last preview release before the final release of Python 3.11.0 on Oct. 24. You can find the full Python 3.11 release schedule in PEP 664.

If you're a core developer who has submitted changes, be sure to confirm that your changes are properly documented.

If you maintain any third-party Python projects, this is the time for you to check for any compatibility issues with Python 3.11.

Major new features of Python 3.11

  • PEP 657 – Include Fine-Grained Error Locations in Tracebacks

  • PEP 654 – Exception Groups and except*

  • PEP 673 – Self Type

  • PEP 646 – Variadic Generics

  • PEP 680 – tomllib: Support for Parsing TOML in the Standard Library

  • PEP 675 – Arbitrary Literal String Type

  • PEP 655 – Marking individual TypedDict items as required or potentially-missing

  • bpo-46752 – Introduce task groups to asyncio

  • PEP 681 – Data Class Transforms

  • bpo-433030 – Atomic grouping ((?>…)) and possessive quantifiers (*+, ++, ?+, {m,n}+) are now supported in regular expressions.

  • The Faster CPython Project is already yielding some exciting results. Python 3.11 is between 10 and 60% faster than Python 3.10. On average, a 1.22x speedup on the standard benchmark suite was measured. See Faster CPython for details.

Python releases a bugfix for 3.10.7 and security fixes for 3.9.14, 3.8.14, and 3.7.14

3.10.7

Python 3.10.7, the most recent bugfix version of Python, was released outside of the usual update cycle to address CVE-2020-10735, resulting in a smaller number of changes than 3.10.6 (200 commits), or even 3.9.7 (187 commits) from a year ago at the same point in the release cycle. Nonetheless, with over 100 modifications in this most recent Python version, it's worth taking a look at the change log to see what's new and improved since then.

3.9.14, 3.8.14, and 3.7.14

To avoid potential denial of service (DoS) attacks, converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 — such as base 10 (decimal) — now raises a ValueError if the number of digits in string form is above a certain limit.

In order to resolve this matter, security releases for 3.9.14, 3.8.14, and 3.7.14 were made available at the same time, in addition to some less pressing security content.

These updates contain numerous security fixes, so installing the update for your relevant Python version(s) is strongly recommended.

PyCharm 2022.2.2 is out!

PyCharm 2022.2 was a major release that brought lots of new features and improvements, including support for Python 3.11, an improved HTTP client, and enhancements to the UX. (The full list of changes in the version can be found in the release notes.)

PyCharm 2022.2.2, the second bug-fix update for the major release, includes big improvements for Python dataclass support. Read more on the PyCharm blog.

2022 Django Developers Survey is now available

The 2022 Django Developers Survey is now available! This survey aims to collect data about the Django community and show how different developers use Django in their work.

The survey will run until Oct. 21. If you use Django, consider taking the survey to have a direct impact on future technical and community decisions.

That's all for today! We hope you’ve enjoyed this roundup of recent news and updates related to Python. We’ll be back next month with another recap, so stay tuned.

© 2023 Educative