Python 3.12.12

Include/patchlevel.h

@@ -18,12 +18,12 @@
 /*--start constants--*/
 #define PY_MAJOR_VERSION        3
 #define PY_MINOR_VERSION        12
-#define PY_MICRO_VERSION        11
+#define PY_MICRO_VERSION        12
 #define PY_RELEASE_LEVEL        PY_RELEASE_LEVEL_FINAL
 #define PY_RELEASE_SERIAL       0
 
 /* Version as a string */
-#define PY_VERSION              "3.12.11+"
+#define PY_VERSION              "3.12.12"
 /*--end constants--*/
 
 /* Version as a single 4-byte hex number, e.g. 0x010502B2 == 1.5.2b2.

Lib/pydoc_data/topics.py

@@ -1,4 +1,4 @@
-# Autogenerated by Sphinx on Tue Jun  3 17:41:43 2025
+# Autogenerated by Sphinx on Thu Oct  9 13:06:56 2025
 # as part of the release process.
 
 topics = {

Misc/NEWS.d/3.12.12.rst

@@ -0,0 +1,155 @@
+.. date: 2025-09-25-10-31-02
+.. gh-issue: 139330
+.. nonce: 5WWkY0
+.. release date: 2025-10-09
+.. section: Tools/Demos
+
+SBOM generation tool didn't cross-check the version and checksum values
+against the ``Modules/expat/refresh.sh`` script, leading to the values
+becoming out-of-date during routine updates.
+
+..
+
+.. date: 2025-10-07-19-31-34
+.. gh-issue: 139700
+.. nonce: vNHU1O
+.. section: Security
+
+Check consistency of the zip64 end of central directory record. Support
+records with "zip64 extensible data" if there are no bytes prepended to the
+ZIP file.
+
+..
+
+.. date: 2025-09-29-00-01-28
+.. gh-issue: 139400
+.. nonce: X2T-jO
+.. section: Security
+
+:mod:`xml.parsers.expat`: Make sure that parent Expat parsers are only
+garbage-collected once they are no longer referenced by subparsers created
+by :meth:`~xml.parsers.expat.xmlparser.ExternalEntityParserCreate`. Patch by
+Sebastian Pipping.
+
+..
+
+.. date: 2025-06-25-14-13-39
+.. gh-issue: 135661
+.. nonce: idjQ0B
+.. section: Security
+
+Fix parsing start and end tags in :class:`html.parser.HTMLParser` according
+to the HTML5 standard.
+
+* Whitespaces no longer accepted between ``</`` and the tag name.
+  E.g. ``</ script>`` does not end the script section.
+
+* Vertical tabulation (``\v``) and non-ASCII whitespaces no longer recognized
+  as whitespaces. The only whitespaces are ``\t\n\r\f`` and space.
+
+* Null character (U+0000) no longer ends the tag name.
+
+* Attributes and slashes after the tag name in end tags are now ignored,
+  instead of terminating after the first ``>`` in quoted attribute value.
+  E.g. ``</script/foo=">"/>``.
+
+* Multiple slashes and whitespaces between the last attribute and closing ``>``
+  are now ignored in both start and end tags. E.g. ``<a foo=bar/ //>``.
+
+* Multiple ``=`` between attribute name and value are no longer collapsed.
+  E.g. ``<a foo==bar>`` produces attribute "foo" with value "=bar".
+
+..
+
+.. date: 2025-06-18-13-34-55
+.. gh-issue: 135661
+.. nonce: NZlpWf
+.. section: Security
+
+Fix CDATA section parsing in :class:`html.parser.HTMLParser` according to
+the HTML5 standard: ``] ]>`` and ``]] >`` no longer end the CDATA section.
+Add private method ``_set_support_cdata()`` which can be used to specify how
+to parse ``<[CDATA[`` --- as a CDATA section in foreign content (SVG or
+MathML) or as a bogus comment in the HTML namespace.
+
+..
+
+.. date: 2025-06-18-13-28-08
+.. gh-issue: 102555
+.. nonce: nADrzJ
+.. section: Security
+
+Fix comment parsing in :class:`html.parser.HTMLParser` according to the
+HTML5 standard. ``--!>`` now ends the comment. ``-- >`` no longer ends the
+comment. Support abnormally ended empty comments ``<-->`` and ``<--->``.
+
+..
+
+.. date: 2025-06-13-15-55-22
+.. gh-issue: 135462
+.. nonce: KBeJpc
+.. section: Security
+
+Fix quadratic complexity in processing specially crafted input in
+:class:`html.parser.HTMLParser`. End-of-file errors are now handled
+according to the HTML5 specs -- comments and declarations are automatically
+closed, tags are ignored.
+
+..
+
+.. date: 2025-06-09-20-38-25
+.. gh-issue: 118350
+.. nonce: KgWCcP
+.. section: Security
+
+Fix support of escapable raw text mode (elements "textarea" and "title") in
+:class:`html.parser.HTMLParser`.
+
+..
+
+.. date: 2023-02-13-21-41-34
+.. gh-issue: 86155
+.. nonce: ppIGSC
+.. section: Security
+
+:meth:`html.parser.HTMLParser.close` no longer loses data when the
+``<script>`` tag is not closed. Patch by Waylan Limberg.
+
+..
+
+.. date: 2025-09-25-07-33-43
+.. gh-issue: 139312
+.. nonce: ygE8AC
+.. section: Library
+
+Upgrade bundled libexpat to 2.7.3
+
+..
+
+.. date: 2025-09-16-19-05-29
+.. gh-issue: 138998
+.. nonce: URl0Y_
+.. section: Library
+
+Update bundled libexpat to 2.7.2
+
+..
+
+.. date: 2025-07-23-00-35-29
+.. gh-issue: 130577
+.. nonce: c7EITy
+.. section: Library
+
+:mod:`tarfile` now validates archives to ensure member offsets are
+non-negative.  (Contributed by Alexander Enrique Urieles Nieto in
+:gh:`130577`.)
+
+..
+
+.. date: 2025-06-09-23-57-37
+.. gh-issue: 130077
+.. nonce: MHknDB
+.. section: Core and Builtins
+
+Properly raise custom syntax errors when incorrect syntax containing names
+that are prefixes of soft keywords is encountered.  Patch by Pablo Galindo.

Misc/NEWS.d/next/Core and Builtins/2025-06-09-23-57-37.gh-issue-130077.MHknDB.rst

@@ -1,2 +0,0 @@
-Properly raise custom syntax errors when incorrect syntax containing names
-that are prefixes of soft keywords is encountered.  Patch by Pablo Galindo.

Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst

@@ -1,3 +0,0 @@
-:mod:`tarfile` now validates archives to ensure member offsets are
-non-negative.  (Contributed by Alexander Enrique Urieles Nieto in
-:gh:`130577`.)

Misc/NEWS.d/next/Library/2025-09-16-19-05-29.gh-issue-138998.URl0Y_.rst

@@ -1 +0,0 @@
-Update bundled libexpat to 2.7.2

Misc/NEWS.d/next/Library/2025-09-25-07-33-43.gh-issue-139312.ygE8AC.rst

@@ -1 +0,0 @@
-Upgrade bundled libexpat to 2.7.3

Misc/NEWS.d/next/Security/2023-02-13-21-41-34.gh-issue-86155.ppIGSC.rst

@@ -1,2 +0,0 @@
-:meth:`html.parser.HTMLParser.close` no longer loses data when the
-``<script>`` tag is not closed. Patch by Waylan Limberg.

Misc/NEWS.d/next/Security/2025-06-09-20-38-25.gh-issue-118350.KgWCcP.rst

@@ -1,2 +0,0 @@
-Fix support of escapable raw text mode (elements "textarea" and "title")
-in :class:`html.parser.HTMLParser`.

Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst

@@ -1,4 +0,0 @@
-Fix quadratic complexity in processing specially crafted input in
-:class:`html.parser.HTMLParser`. End-of-file errors are now handled according
-to the HTML5 specs -- comments and declarations are automatically closed,
-tags are ignored.

Misc/NEWS.d/next/Security/2025-06-18-13-28-08.gh-issue-102555.nADrzJ.rst

@@ -1,3 +0,0 @@
-Fix comment parsing in :class:`html.parser.HTMLParser` according to the
-HTML5 standard. ``--!>`` now ends the comment. ``-- >`` no longer ends the
-comment. Support abnormally ended empty comments ``<-->`` and ``<--->``.

Misc/NEWS.d/next/Security/2025-06-18-13-34-55.gh-issue-135661.NZlpWf.rst

@@ -1,5 +0,0 @@
-Fix CDATA section parsing in :class:`html.parser.HTMLParser` according to
-the HTML5 standard: ``] ]>`` and ``]] >`` no longer end the CDATA section.
-Add private method ``_set_support_cdata()`` which can be used to specify
-how to parse ``<[CDATA[`` --- as a CDATA section in foreign content
-(SVG or MathML) or as a bogus comment in the HTML namespace.

Misc/NEWS.d/next/Security/2025-06-25-14-13-39.gh-issue-135661.idjQ0B.rst

@@ -1,20 +0,0 @@
-Fix parsing start and end tags in :class:`html.parser.HTMLParser`
-according to the HTML5 standard.
-
-* Whitespaces no longer accepted between ``</`` and the tag name.
-  E.g. ``</ script>`` does not end the script section.
-
-* Vertical tabulation (``\v``) and non-ASCII whitespaces no longer recognized
-  as whitespaces. The only whitespaces are ``\t\n\r\f`` and space.
-
-* Null character (U+0000) no longer ends the tag name.
-
-* Attributes and slashes after the tag name in end tags are now ignored,
-  instead of terminating after the first ``>`` in quoted attribute value.
-  E.g. ``</script/foo=">"/>``.
-
-* Multiple slashes and whitespaces between the last attribute and closing ``>``
-  are now ignored in both start and end tags. E.g. ``<a foo=bar/ //>``.
-
-* Multiple ``=`` between attribute name and value are no longer collapsed.
-  E.g. ``<a foo==bar>`` produces attribute "foo" with value "=bar".

Misc/NEWS.d/next/Security/2025-09-29-00-01-28.gh-issue-139400.X2T-jO.rst

@@ -1,4 +0,0 @@
-:mod:`xml.parsers.expat`: Make sure that parent Expat parsers are only
-garbage-collected once they are no longer referenced by subparsers created
-by :meth:`~xml.parsers.expat.xmlparser.ExternalEntityParserCreate`.
-Patch by Sebastian Pipping.

Misc/NEWS.d/next/Security/2025-10-07-19-31-34.gh-issue-139700.vNHU1O.rst

@@ -1,3 +0,0 @@
-Check consistency of the zip64 end of central directory record. Support
-records with "zip64 extensible data" if there are no bytes prepended to the
-ZIP file.

Misc/NEWS.d/next/Tools-Demos/2025-09-25-10-31-02.gh-issue-139330.5WWkY0.rst

@@ -1,3 +0,0 @@
-SBOM generation tool didn't cross-check the version and checksum values
-against the ``Modules/expat/refresh.sh`` script, leading to the values
-becoming out-of-date during routine updates.

README.rst

@@ -1,4 +1,4 @@
-This is Python version 3.12.11
+This is Python version 3.12.12
 ==============================
 
 .. image:: https://github.com/python/cpython/workflows/Tests/badge.svg