Python 3.11.14

diff --git a/Include/patchlevel.h b/Include/patchlevel.h
index 9ee39151c96ca8db12643cfecb4428ed2e30597e..72887d1cd72bc3a58b3a91111118964a3b54e765 100644 (file)
--- a/Include/patchlevel.h
+++ b/Include/patchlevel.h
@@ -18,12 +18,12 @@
 /*--start constants--*/
 #define PY_MAJOR_VERSION        3
 #define PY_MINOR_VERSION        11
-#define PY_MICRO_VERSION        13
+#define PY_MICRO_VERSION        14
 #define PY_RELEASE_LEVEL        PY_RELEASE_LEVEL_FINAL
 #define PY_RELEASE_SERIAL       0
 
 /* Version as a string */
-#define PY_VERSION              "3.11.13+"
+#define PY_VERSION              "3.11.14"
 /*--end constants--*/
 
 /* Version as a single 4-byte hex number, e.g. 0x010502B2 == 1.5.2b2.

diff --git a/Lib/pydoc_data/topics.py b/Lib/pydoc_data/topics.py
index 0edb31b1d27a0f8b5f228e809ed601eda3fd9395..4b472f3eca331e2a53307412cca0832c366b0272 100644 (file)
--- a/Lib/pydoc_data/topics.py
+++ b/Lib/pydoc_data/topics.py
@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-# Autogenerated by Sphinx on Tue Jun  3 19:38:08 2025
+# Autogenerated by Sphinx on Thu Oct  9 18:16:46 2025
 # as part of the release process.
 topics = {'assert': 'The "assert" statement\n'
            '**********************\n'

diff --git a/Misc/NEWS.d/3.11.14.rst b/Misc/NEWS.d/3.11.14.rst
new file mode 100644 (file)
index 0000000..4c2d912
--- /dev/null
+++ b/Misc/NEWS.d/3.11.14.rst
@@ -0,0 +1,143 @@
+.. date: 2025-10-07-19-31-34
+.. gh-issue: 139700
+.. nonce: vNHU1O
+.. release date: 2025-10-09
+.. section: Security
+
+Check consistency of the zip64 end of central directory record. Support
+records with "zip64 extensible data" if there are no bytes prepended to the
+ZIP file.
+
+..
+
+.. date: 2025-09-29-00-01-28
+.. gh-issue: 139400
+.. nonce: X2T-jO
+.. section: Security
+
+:mod:`xml.parsers.expat`: Make sure that parent Expat parsers are only
+garbage-collected once they are no longer referenced by subparsers created
+by :meth:`~xml.parsers.expat.xmlparser.ExternalEntityParserCreate`. Patch by
+Sebastian Pipping.
+
+..
+
+.. date: 2025-06-25-14-13-39
+.. gh-issue: 135661
+.. nonce: idjQ0B
+.. section: Security
+
+Fix parsing start and end tags in :class:`html.parser.HTMLParser` according
+to the HTML5 standard.
+
+* Whitespaces no longer accepted between ``</`` and the tag name.
+  E.g. ``</ script>`` does not end the script section.
+
+* Vertical tabulation (``\v``) and non-ASCII whitespaces no longer recognized
+  as whitespaces. The only whitespaces are ``\t\n\r\f`` and space.
+
+* Null character (U+0000) no longer ends the tag name.
+
+* Attributes and slashes after the tag name in end tags are now ignored,
+  instead of terminating after the first ``>`` in quoted attribute value.
+  E.g. ``</script/foo=">"/>``.
+
+* Multiple slashes and whitespaces between the last attribute and closing ``>``
+  are now ignored in both start and end tags. E.g. ``<a foo=bar/ //>``.
+
+* Multiple ``=`` between attribute name and value are no longer collapsed.
+  E.g. ``<a foo==bar>`` produces attribute "foo" with value "=bar".
+
+..
+
+.. date: 2025-06-18-13-34-55
+.. gh-issue: 135661
+.. nonce: NZlpWf
+.. section: Security
+
+Fix CDATA section parsing in :class:`html.parser.HTMLParser` according to
+the HTML5 standard: ``] ]>`` and ``]] >`` no longer end the CDATA section.
+Add private method ``_set_support_cdata()`` which can be used to specify how
+to parse ``<[CDATA[`` --- as a CDATA section in foreign content (SVG or
+MathML) or as a bogus comment in the HTML namespace.
+
+..
+
+.. date: 2025-06-18-13-28-08
+.. gh-issue: 102555
+.. nonce: nADrzJ
+.. section: Security
+
+Fix comment parsing in :class:`html.parser.HTMLParser` according to the
+HTML5 standard. ``--!>`` now ends the comment. ``-- >`` no longer ends the
+comment. Support abnormally ended empty comments ``<-->`` and ``<--->``.
+
+..
+
+.. date: 2025-06-13-15-55-22
+.. gh-issue: 135462
+.. nonce: KBeJpc
+.. section: Security
+
+Fix quadratic complexity in processing specially crafted input in
+:class:`html.parser.HTMLParser`. End-of-file errors are now handled
+according to the HTML5 specs -- comments and declarations are automatically
+closed, tags are ignored.
+
+..
+
+.. date: 2025-06-09-20-38-25
+.. gh-issue: 118350
+.. nonce: KgWCcP
+.. section: Security
+
+Fix support of escapable raw text mode (elements "textarea" and "title") in
+:class:`html.parser.HTMLParser`.
+
+..
+
+.. date: 2023-02-13-21-41-34
+.. gh-issue: 86155
+.. nonce: ppIGSC
+.. section: Security
+
+:meth:`html.parser.HTMLParser.close` no longer loses data when the
+``<script>`` tag is not closed. Patch by Waylan Limberg.
+
+..
+
+.. date: 2025-09-25-07-33-43
+.. gh-issue: 139312
+.. nonce: ygE8AC
+.. section: Library
+
+Upgrade bundled libexpat to 2.7.3
+
+..
+
+.. date: 2025-09-16-19-05-29
+.. gh-issue: 138998
+.. nonce: URl0Y_
+.. section: Library
+
+Update bundled libexpat to 2.7.2
+
+..
+
+.. date: 2025-07-23-00-35-29
+.. gh-issue: 130577
+.. nonce: c7EITy
+.. section: Library
+
+:mod:`tarfile` now validates archives to ensure member offsets are
+non-negative.  (Contributed by Alexander Enrique Urieles Nieto in
+:gh:`130577`.)
+
+..
+
+.. date: 2025-06-11-17-38-16
+.. gh-issue: 135374
+.. nonce: eqRcTc
+.. section: Library
+
+Update the bundled copy of setuptools to 79.0.1.

diff --git a/Misc/NEWS.d/next/Library/2025-06-11-17-38-16.gh-issue-135374.eqRcTc.rst b/Misc/NEWS.d/next/Library/2025-06-11-17-38-16.gh-issue-135374.eqRcTc.rst
deleted file mode 100644 (file)
index fe0b54f..0000000
--- a/Misc/NEWS.d/next/Library/2025-06-11-17-38-16.gh-issue-135374.eqRcTc.rst
+++ /dev/null
@@ -1 +0,0 @@
-Update the bundled copy of setuptools to 79.0.1.

diff --git a/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst b/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst
deleted file mode 100644 (file)
index 342cabb..0000000
--- a/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst
+++ /dev/null
@@ -1,3 +0,0 @@
-:mod:`tarfile` now validates archives to ensure member offsets are
-non-negative.  (Contributed by Alexander Enrique Urieles Nieto in
-:gh:`130577`.)

diff --git a/Misc/NEWS.d/next/Library/2025-09-16-19-05-29.gh-issue-138998.URl0Y_.rst b/Misc/NEWS.d/next/Library/2025-09-16-19-05-29.gh-issue-138998.URl0Y_.rst
deleted file mode 100644 (file)
index ce377ab..0000000
--- a/Misc/NEWS.d/next/Library/2025-09-16-19-05-29.gh-issue-138998.URl0Y_.rst
+++ /dev/null
@@ -1 +0,0 @@
-Update bundled libexpat to 2.7.2

diff --git a/Misc/NEWS.d/next/Library/2025-09-25-07-33-43.gh-issue-139312.ygE8AC.rst b/Misc/NEWS.d/next/Library/2025-09-25-07-33-43.gh-issue-139312.ygE8AC.rst
deleted file mode 100644 (file)
index 5178bda..0000000
--- a/Misc/NEWS.d/next/Library/2025-09-25-07-33-43.gh-issue-139312.ygE8AC.rst
+++ /dev/null
@@ -1 +0,0 @@
-Upgrade bundled libexpat to 2.7.3

diff --git a/Misc/NEWS.d/next/Security/2023-02-13-21-41-34.gh-issue-86155.ppIGSC.rst b/Misc/NEWS.d/next/Security/2023-02-13-21-41-34.gh-issue-86155.ppIGSC.rst
deleted file mode 100644 (file)
index bb85481..0000000
--- a/Misc/NEWS.d/next/Security/2023-02-13-21-41-34.gh-issue-86155.ppIGSC.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-:meth:`html.parser.HTMLParser.close` no longer loses data when the
-``<script>`` tag is not closed. Patch by Waylan Limberg.

diff --git a/Misc/NEWS.d/next/Security/2025-06-09-20-38-25.gh-issue-118350.KgWCcP.rst b/Misc/NEWS.d/next/Security/2025-06-09-20-38-25.gh-issue-118350.KgWCcP.rst
deleted file mode 100644 (file)
index 6ad3caf..0000000
--- a/Misc/NEWS.d/next/Security/2025-06-09-20-38-25.gh-issue-118350.KgWCcP.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-Fix support of escapable raw text mode (elements "textarea" and "title")
-in :class:`html.parser.HTMLParser`.

diff --git a/Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst b/Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst
deleted file mode 100644 (file)
index cf9aa8d..0000000
--- a/Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst
+++ /dev/null
@@ -1,4 +0,0 @@
-Fix quadratic complexity in processing specially crafted input in
-:class:`html.parser.HTMLParser`. End-of-file errors are now handled according
-to the HTML5 specs -- comments and declarations are automatically closed,
-tags are ignored.

diff --git a/Misc/NEWS.d/next/Security/2025-06-18-13-28-08.gh-issue-102555.nADrzJ.rst b/Misc/NEWS.d/next/Security/2025-06-18-13-28-08.gh-issue-102555.nADrzJ.rst
deleted file mode 100644 (file)
index 71d15ee..0000000
--- a/Misc/NEWS.d/next/Security/2025-06-18-13-28-08.gh-issue-102555.nADrzJ.rst
+++ /dev/null
@@ -1,3 +0,0 @@
-Fix comment parsing in :class:`html.parser.HTMLParser` according to the
-HTML5 standard. ``--!>`` now ends the comment. ``-- >`` no longer ends the
-comment. Support abnormally ended empty comments ``<-->`` and ``<--->``.

diff --git a/Misc/NEWS.d/next/Security/2025-06-18-13-34-55.gh-issue-135661.NZlpWf.rst b/Misc/NEWS.d/next/Security/2025-06-18-13-34-55.gh-issue-135661.NZlpWf.rst
deleted file mode 100644 (file)
index fe000d9..0000000
--- a/Misc/NEWS.d/next/Security/2025-06-18-13-34-55.gh-issue-135661.NZlpWf.rst
+++ /dev/null
@@ -1,5 +0,0 @@
-Fix CDATA section parsing in :class:`html.parser.HTMLParser` according to
-the HTML5 standard: ``] ]>`` and ``]] >`` no longer end the CDATA section.
-Add private method ``_set_support_cdata()`` which can be used to specify
-how to parse ``<[CDATA[`` --- as a CDATA section in foreign content
-(SVG or MathML) or as a bogus comment in the HTML namespace.

diff --git a/Misc/NEWS.d/next/Security/2025-06-25-14-13-39.gh-issue-135661.idjQ0B.rst b/Misc/NEWS.d/next/Security/2025-06-25-14-13-39.gh-issue-135661.idjQ0B.rst
deleted file mode 100644 (file)
index 27e886a..0000000
--- a/Misc/NEWS.d/next/Security/2025-06-25-14-13-39.gh-issue-135661.idjQ0B.rst
+++ /dev/null
@@ -1,20 +0,0 @@
-Fix parsing start and end tags in :class:`html.parser.HTMLParser`
-according to the HTML5 standard.
-
-* Whitespaces no longer accepted between ``</`` and the tag name.
-  E.g. ``</ script>`` does not end the script section.
-
-* Vertical tabulation (``\v``) and non-ASCII whitespaces no longer recognized
-  as whitespaces. The only whitespaces are ``\t\n\r\f`` and space.
-
-* Null character (U+0000) no longer ends the tag name.
-
-* Attributes and slashes after the tag name in end tags are now ignored,
-  instead of terminating after the first ``>`` in quoted attribute value.
-  E.g. ``</script/foo=">"/>``.
-
-* Multiple slashes and whitespaces between the last attribute and closing ``>``
-  are now ignored in both start and end tags. E.g. ``<a foo=bar/ //>``.
-
-* Multiple ``=`` between attribute name and value are no longer collapsed.
-  E.g. ``<a foo==bar>`` produces attribute "foo" with value "=bar".

diff --git a/Misc/NEWS.d/next/Security/2025-09-29-00-01-28.gh-issue-139400.X2T-jO.rst b/Misc/NEWS.d/next/Security/2025-09-29-00-01-28.gh-issue-139400.X2T-jO.rst
deleted file mode 100644 (file)
index a5dea3b..0000000
--- a/Misc/NEWS.d/next/Security/2025-09-29-00-01-28.gh-issue-139400.X2T-jO.rst
+++ /dev/null
@@ -1,4 +0,0 @@
-:mod:`xml.parsers.expat`: Make sure that parent Expat parsers are only
-garbage-collected once they are no longer referenced by subparsers created
-by :meth:`~xml.parsers.expat.xmlparser.ExternalEntityParserCreate`.
-Patch by Sebastian Pipping.

diff --git a/Misc/NEWS.d/next/Security/2025-10-07-19-31-34.gh-issue-139700.vNHU1O.rst b/Misc/NEWS.d/next/Security/2025-10-07-19-31-34.gh-issue-139700.vNHU1O.rst
deleted file mode 100644 (file)
index a8e7a1f..0000000
--- a/Misc/NEWS.d/next/Security/2025-10-07-19-31-34.gh-issue-139700.vNHU1O.rst
+++ /dev/null
@@ -1,3 +0,0 @@
-Check consistency of the zip64 end of central directory record. Support
-records with "zip64 extensible data" if there are no bytes prepended to the
-ZIP file.

diff --git a/README.rst b/README.rst
index 410ebf091de3f797011563368626544b2b79a00c..41fd528b5f42cdd853a0001e1d6c78cfcd5b286f 100644 (file)
--- a/README.rst
+++ b/README.rst
@@ -1,4 +1,4 @@
-This is Python version 3.11.13
+This is Python version 3.11.14
 ==============================
 
 .. image:: https://github.com/python/cpython/workflows/Tests/badge.svg