The release of Python 3.14 on October 7, 2025 marks a great milestone for the Python programming language. Developing a new release of the language is a major undertaking and a lot of hard work for the many volunteers active in the Python ecosystem.
Python 3.14.0 contains many new features and optimisations compared to Python 3.13.
The biggest changes are not visible to users: they are all kinds of improvements under the hood. The best thing is that Python 3.14 remains backwards compatible, so existing programs do not need to be rewritten. If you rely heavily on external packages, however, some libraries may need adjusting because of deprecations and removals.
From a security perspective the following improvements caught my eye:
- PEP 750: Template string literals (t-strings) for custom string processing, using the familiar syntax of f-strings. An f-string gives you no way to intercept and transform the interpolated values before they are combined into the final string, so injudicious use of f-strings (for SQL, shell commands, HTML, log lines) leads to injection issues. A t-string instead evaluates to a Template object that keeps the literal text and the interpolated values apart, so the code that consumes it can validate or sanitise each value first: enforce types, escape or reject dangerous characters, or convert values into parameter placeholders that, e.g., a database driver binds safely. Note that the t-string itself adds no protection; the processing function you write, or the library you hand the Template to, is what enforces it.
- PEP 784: A new module compression.zstd providing support for the Zstandard compression algorithm. This brings Meta's high-performance Zstandard algorithm to the standard library, which is valuable when working with large datasets. Decompressing untrusted data remains a risk, however (decompression bombs and memory exhaustion), so cap the output size when inflating untrusted input, and check that your SAST scanner recognises code using this new module and not only the older zlib, bz2 and lzma APIs.
- PEP 765: Disallow return/break/continue that exit a finally block. Python 3.14 emits a SyntaxWarning for such statements, because they silently discard any exception that is propagating through the try statement, a classic source of hard-to-find bugs. This has a security benefit: a failed check whose exception would otherwise be swallowed is now flagged when the code is compiled.
- Built-in implementation of HMAC with formally verified code from the HACL* project. This implementation is used as a fallback when the OpenSSL implementation of HMAC is not available. HMAC is Keyed-Hashing for Message Authentication (see RFC 2104, https://datatracker.ietf.org/doc/html/rfc2104.html). Details in crypto matter, so read the complete discussion of this change at https://github.com/python/cpython/issues/99108.
- CPython now enables a set of recommended compiler hardening options by default for improved security of the interpreter binary itself.
- Security improvements in the tarfile module, mitigating several CVEs: CVE-2024-12718, CVE-2025-4138, CVE-2025-4330 and CVE-2025-4435. For example, data_filter() now normalises symbolic link targets in order to avoid path traversal attacks, and extractall() now skips fixing up directory attributes when a directory was removed or replaced by another kind of file during extraction.
- Update to the os.path module: the strict parameter of realpath() accepts a new value, ALLOW_MISSING. If it is used, errors other than FileNotFoundError are re-raised; the resulting path may refer to a missing file but will be free of symlinks. See also CVE-2025-4517.
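The PEP 750 point above, as an added example (not code from the original post): two template processors, one that turns every interpolated value into a bound SQL parameter and one that HTML-escapes every value. On Python 3.14 the `string.templatelib` module is real and a `t"..."` literal produces the Template object the processors consume; the fallback classes are a minimal stand-in assumed here so the processors can be exercised on older interpreters as well, and the `users` table is constructed data.

```python
"""Intercepting interpolated values before they are joined: the PEP 750 model."""
import html
import sqlite3

try:
    from string.templatelib import Template, Interpolation  # Python 3.14+
except ImportError:
    # Assumption of this example: a stand-in mirroring the 3.14 attributes used below.
    class Interpolation:
        def __init__(self, value, expression="", conversion=None, format_spec=""):
            self.value, self.expression = value, expression
            self.conversion, self.format_spec = conversion, format_spec

    class Template:
        def __init__(self, *args):
            strings, interps, buf = [], [], ""
            for arg in args:
                if isinstance(arg, str):
                    buf += arg               # consecutive strings are concatenated
                else:
                    strings.append(buf)
                    buf = ""
                    interps.append(arg)
            strings.append(buf)
            self.strings = tuple(strings)    # always len(interpolations) + 1
            self.interpolations = tuple(interps)


def sql(template: Template) -> tuple[str, tuple]:
    """Turn every interpolation into a bound parameter; never splice values into the text."""
    query = template.strings[0]
    params = []
    for interp, text in zip(template.interpolations, template.strings[1:]):
        params.append(interp.value)
        query += "?" + text
    return query, tuple(params)


def html_safe(template: Template) -> str:
    """Escape every interpolated value; the literal template text passes through untouched."""
    out = template.strings[0]
    for interp, text in zip(template.interpolations, template.strings[1:]):
        out += html.escape(str(interp.value), quote=True) + text
    return out


def lookup_user(name: str) -> list[tuple]:
    """Run the parameterised query against a constructed in-memory table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    # On 3.14 this Template is what  t"SELECT name, role FROM users WHERE name = {name}"  evaluates to.
    tmpl = Template("SELECT name, role FROM users WHERE name = ", Interpolation(name, "name"))
    query, params = sql(tmpl)
    return conn.execute(query, params).fetchall()


if __name__ == "__main__":
    print(lookup_user("alice"))
    print(lookup_user("' OR 1=1 --"))   # the payload is bound as data, so no rows match
    print(html_safe(Template("<p>", Interpolation("<script>x</script>", "msg"), "</p>")))
```

The contrast with an f-string is the point: `f"... WHERE name = {name}"` has already merged the payload into the query text by the time any function sees it, whereas `sql()` and `html_safe()` receive the pieces separately and decide how each value is rendered.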
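The decompression caveat on PEP 784 above, as an added example (not code from the original post): a bounded decompressor that refuses to inflate past a hard cap instead of materialising the whole payload. It uses `compression.zstd` where Python 3.14 provides it and otherwise falls back to `bz2`, whose incremental decompressor exposes the same `decompress(data, max_length)`, `eof` and `needs_input` interface; the "bomb" is a constructed run of zeros.

```python
"""Bounded decompression: a decompression-bomb guard for untrusted input."""
try:
    from compression.zstd import ZstdCompressor as Compressor, ZstdDecompressor as Decompressor
except ImportError:
    # Pre-3.14 fallback assumed here: bz2 has an API-compatible incremental decompressor.
    from bz2 import BZ2Compressor as Compressor, BZ2Decompressor as Decompressor


class DecompressionBomb(ValueError):
    """Raised when decompressed output would exceed the caller's limit."""


def compress_bytes(data: bytes) -> bytes:
    c = Compressor()
    return c.compress(data) + c.flush()


def bounded_decompress(blob: bytes, limit: int) -> bytes:
    """Decompress at most `limit` bytes; abort as soon as the cap is exceeded.

    Each call asks the decompressor for at most (remaining room + 1) bytes, so an
    oversized stream is detected after producing one byte too many rather than
    after inflating the entire payload into memory.
    """
    d = Decompressor()
    out = bytearray()
    pending = blob
    while True:
        room = limit - len(out) + 1
        out += d.decompress(pending, max_length=room)
        pending = b""                       # unconsumed input is buffered inside d
        if len(out) > limit:
            raise DecompressionBomb(f"output exceeds {limit} bytes")
        if d.eof:
            return bytes(out)
        if d.needs_input:                   # input exhausted before end-of-stream
            raise ValueError("truncated compressed stream")


def is_bomb(blob: bytes, limit: int) -> bool:
    """True if inflating `blob` would exceed `limit` bytes."""
    try:
        bounded_decompress(blob, limit)
    except DecompressionBomb:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs: a small payload and 8 MiB of zeros that compress to a few hundred bytes.
    small = compress_bytes(b"config: ok\n" * 100)
    bomb = compress_bytes(b"\0" * (8 * 1024 * 1024))
    print(len(bomb), "compressed bytes, bomb against a 1 MiB cap:", is_bomb(bomb, 1024 * 1024))
    print(bounded_decompress(small, 1024 * 1024)[:11])
```

The same loop works for any stdlib decompressor that takes `max_length` (lzma and bz2 share the interface); what must not be used on untrusted data is the one-shot `decompress(blob)` form, which allocates whatever the stream claims.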
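The PEP 765 point above, as an added example (not code from the original post): the first function contains the `return` in `finally` that Python 3.14 now flags with a SyntaxWarning, and shows the failure mode, a failed authorisation check turned into success because the exception is discarded. The allow-list and audit log are constructed for the example.

```python
"""Why PEP 765 warns about return/break/continue inside finally."""
ALLOWED = {"alice"}   # constructed allow-list for the example


def authorise(user: str) -> None:
    if user not in ALLOWED:
        raise PermissionError(f"{user} is not allowed")


def check_then_audit_unsafe(user: str, audit_log: list) -> str:
    """Bug: the return in finally swallows PermissionError, so the caller sees 'granted'."""
    try:
        authorise(user)
    finally:
        audit_log.append(f"checked {user}")
        return "granted"           # exits the finally block: the pending exception is lost here


def check_then_audit(user: str, audit_log: list) -> str:
    """Fixed: finally only does clean-up work, so the exception propagates."""
    try:
        authorise(user)
        return "granted"
    finally:
        audit_log.append(f"checked {user}")


def outcome(check, user: str) -> str:
    """Run a check function and report what the caller would observe."""
    log = []
    try:
        return check(user, log)
    except PermissionError:
        return "denied"


if __name__ == "__main__":
    print("unsafe:", outcome(check_then_audit_unsafe, "mallory"))   # granted, the bug
    print("fixed: ", outcome(check_then_audit, "mallory"))          # denied
```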
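On the HMAC point above, an added example (not code from the original post or the CPython project) of the check a practitioner can add: `hmac` transparently uses OpenSSL or, on 3.14 builds without it, the HACL* fallback, and the RFC 4231 test case 1 vector (key of 20 bytes 0x0b, text "Hi There") must hold for either, so running it at start-up confirms the build's HMAC-SHA256 is correct. The sign/verify pair shows the constant-time comparison that belongs with it.

```python
"""HMAC self-test against a published vector plus a verification pattern."""
import hashlib
import hmac

RFC4231_KEY = b"\x0b" * 20
RFC4231_TEXT = b"Hi There"
RFC4231_HMAC_SHA256 = "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"


def hmac_selftest() -> bool:
    """True if this interpreter's HMAC-SHA256 reproduces RFC 4231 test case 1."""
    digest = hmac.new(RFC4231_KEY, RFC4231_TEXT, hashlib.sha256).hexdigest()
    return hmac.compare_digest(digest, RFC4231_HMAC_SHA256)


def sign(key: bytes, message: bytes) -> str:
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify(key: bytes, message: bytes, signature: str) -> bool:
    # compare_digest rather than ==: constant-time comparison, no early exit on the first differing byte
    return hmac.compare_digest(sign(key, message), signature)


if __name__ == "__main__":
    print("HMAC self-test:", hmac_selftest())
    tag = sign(b"shared-secret", b'{"event":"deploy"}')
    print(verify(b"shared-secret", b'{"event":"deploy"}', tag),
          verify(b"shared-secret", b'{"event":"rollback"}', tag))
```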
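The tarfile and realpath points above, as an added example (not code from the original post): three archives constructed in memory, one benign, one with a member named `../evil.txt`, and one with a symlink whose target escapes the destination. Extracting with `filter="data"` (the default in 3.14, passed explicitly here so the code behaves the same on 3.12 and 3.13) rejects the two hostile archives before anything is written.

```python
"""Extracting untrusted tarballs with tarfile's 'data' filter."""
import io
import os
import tarfile
import tempfile


def _tar_with(add_members) -> bytes:
    """Build a tar archive in memory using the supplied member-adding callback."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        add_members(tf)
    return buf.getvalue()


def benign_tar() -> bytes:
    def add(tf):
        data = b"hello\n"
        ti = tarfile.TarInfo("docs/readme.txt")
        ti.size = len(data)
        tf.addfile(ti, io.BytesIO(data))
    return _tar_with(add)


def traversal_tar() -> bytes:
    def add(tf):
        data = b"owned\n"
        ti = tarfile.TarInfo("../evil.txt")      # member name escapes dest via '..'
        ti.size = len(data)
        tf.addfile(ti, io.BytesIO(data))
    return _tar_with(add)


def symlink_tar() -> bytes:
    def add(tf):
        ti = tarfile.TarInfo("link")
        ti.type = tarfile.SYMTYPE
        ti.linkname = "../../etc/passwd"         # link target resolves outside dest
        tf.addfile(ti)
    return _tar_with(add)


def extract_outcome(tar_bytes: bytes) -> str:
    """Extract into a fresh temp dir; return 'ok:<names>' or the FilterError class raised."""
    with tempfile.TemporaryDirectory() as dest:
        try:
            with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tf:
                tf.extractall(dest, filter="data")
        except tarfile.FilterError as exc:
            return type(exc).__name__
        extracted = []
        for root, _dirs, files in os.walk(dest):
            for f in files:
                rel = os.path.relpath(os.path.join(root, f), dest)
                extracted.append(rel.replace(os.sep, "/"))
        return "ok:" + ",".join(sorted(extracted))


if __name__ == "__main__":
    for label, build in (("benign", benign_tar), ("traversal", traversal_tar), ("symlink", symlink_tar)):
        print(f"{label:10s} -> {extract_outcome(build())}")
```

The filter check runs per member before that member is written, and with the default `errorlevel=1` the `FilterError` is raised rather than logged; the CVE fixes listed above tightened exactly these paths (link-target normalisation, and no longer ignoring filter errors at `errorlevel=0`).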
Python 3.14 represents a great step in Python's evolution, with clear benefits for security. From a security perspective you should have a good reason not to upgrade in the coming months. Upgrading the interpreter does not remove vulnerabilities in your own code, however, so running a SAST (Static Application Security Testing) tool like Python Code Audit remains vital.