Python 3.8.16v3.8.16

9 files changed, 69 insertions, 23 deletions

diff --git a/Include/patchlevel.h b/Include/patchlevel.h
index 04b2eb8ad3f..8b5b8d3a85d 100644
--- a/Include/patchlevel.h
+++ b/Include/patchlevel.h
@@ -18,12 +18,12 @@
 /*--start constants--*/
 #define PY_MAJOR_VERSION        3
 #define PY_MINOR_VERSION        8
-#define PY_MICRO_VERSION        15
+#define PY_MICRO_VERSION        16
 #define PY_RELEASE_LEVEL        PY_RELEASE_LEVEL_FINAL
 #define PY_RELEASE_SERIAL       0
 
 /* Version as a string */
-#define PY_VERSION              "3.8.15+"
+#define PY_VERSION              "3.8.16"
 /*--end constants--*/
 
 /* Version as a single 4-byte hex number, e.g. 0x010502B2 == 1.5.2b2.
diff --git a/Misc/NEWS.d/3.8.16.rst b/Misc/NEWS.d/3.8.16.rst
new file mode 100644
index 00000000000..c320159b73b
--- /dev/null
+++ b/Misc/NEWS.d/3.8.16.rst
@@ -0,0 +1,66 @@
+.. date: 2022-12-05-01-39-10
+.. gh-issue: 100001
+.. nonce: uD05Fc
+.. release date: 2022-12-06
+.. section: Security
+
+``python -m http.server`` no longer allows terminal control characters sent
+within a garbage request to be printed to the stderr server log.
+
+This is done by changing the :mod:`http.server`
+:class:`BaseHTTPRequestHandler` ``.log_message`` method to replace control
+characters with a ``\xHH`` hex escape before printing.
+
+..
+
+.. date: 2022-11-11-12-50-28
+.. gh-issue: 87604
+.. nonce: OtwH5L
+.. section: Security
+
+Avoid publishing list of active per-interpreter audit hooks via the
+:mod:`gc` module
+
+..
+
+.. date: 2022-11-04-09-29-36
+.. gh-issue: 98433
+.. nonce: l76c5G
+.. section: Security
+
+The IDNA codec decoder used on DNS hostnames by :mod:`socket` or
+:mod:`asyncio` related name resolution functions no longer involves a
+quadratic algorithm. This prevents a potential CPU denial of service if an
+out-of-spec excessive length hostname involving bidirectional characters
+were decoded. Some protocols such as :mod:`urllib` http ``3xx`` redirects
+potentially allow for an attacker to supply such a name.
+
+..
+
+.. date: 2022-10-26-21-04-23
+.. gh-issue: 98739
+.. nonce: keBWcY
+.. section: Security
+
+Update bundled libexpat to 2.5.0
+
+..
+
+.. date: 2022-10-21-13-31-47
+.. gh-issue: 98517
+.. nonce: SXXGfV
+.. section: Security
+
+Port XKCP's fix for the buffer overflows in SHA-3 (CVE-2022-37454).
+
+..
+
+.. date: 2022-04-27-18-25-30
+.. gh-issue: 68966
+.. nonce: gjS8zs
+.. section: Security
+
+The deprecated mailcap module now refuses to inject unsafe text (filenames,
+MIME types, parameters) into shell commands. Instead of using such text, it
+will warn and act as if a match was not found (or for test commands, as if
+the test failed).
diff --git a/Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst b/Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst
deleted file mode 100644
index da81a1f6993..00000000000
--- a/Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst
+++ /dev/null
@@ -1,4 +0,0 @@
-The deprecated mailcap module now refuses to inject unsafe text (filenames,
-MIME types, parameters) into shell commands. Instead of using such text, it
-will warn and act as if a match was not found (or for test commands, as if
-the test failed).
diff --git a/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst b/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
deleted file mode 100644
index 2d23a6ad93c..00000000000
--- a/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
+++ /dev/null
@@ -1 +0,0 @@
-Port XKCP's fix for the buffer overflows in SHA-3 (CVE-2022-37454).
diff --git a/Misc/NEWS.d/next/Security/2022-10-26-21-04-23.gh-issue-98739.keBWcY.rst b/Misc/NEWS.d/next/Security/2022-10-26-21-04-23.gh-issue-98739.keBWcY.rst
deleted file mode 100644
index b63a54b3676..00000000000
--- a/Misc/NEWS.d/next/Security/2022-10-26-21-04-23.gh-issue-98739.keBWcY.rst
+++ /dev/null
@@ -1 +0,0 @@
-Update bundled libexpat to 2.5.0
diff --git a/Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst b/Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst
deleted file mode 100644
index 5185fac2e29..00000000000
--- a/Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst
+++ /dev/null
@@ -1,6 +0,0 @@
-The IDNA codec decoder used on DNS hostnames by :mod:`socket` or :mod:`asyncio`
-related name resolution functions no longer involves a quadratic algorithm.
-This prevents a potential CPU denial of service if an out-of-spec excessive
-length hostname involving bidirectional characters were decoded. Some protocols
-such as :mod:`urllib` http ``3xx`` redirects potentially allow for an attacker
-to supply such a name.
diff --git a/Misc/NEWS.d/next/Security/2022-11-11-12-50-28.gh-issue-87604.OtwH5L.rst b/Misc/NEWS.d/next/Security/2022-11-11-12-50-28.gh-issue-87604.OtwH5L.rst
deleted file mode 100644
index c931409b817..00000000000
--- a/Misc/NEWS.d/next/Security/2022-11-11-12-50-28.gh-issue-87604.OtwH5L.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-Avoid publishing list of active per-interpreter audit hooks via the
-:mod:`gc` module
diff --git a/Misc/NEWS.d/next/Security/2022-12-05-01-39-10.gh-issue-100001.uD05Fc.rst b/Misc/NEWS.d/next/Security/2022-12-05-01-39-10.gh-issue-100001.uD05Fc.rst
deleted file mode 100644
index a396e95cd83..00000000000
--- a/Misc/NEWS.d/next/Security/2022-12-05-01-39-10.gh-issue-100001.uD05Fc.rst
+++ /dev/null
@@ -1,6 +0,0 @@
-``python -m http.server`` no longer allows terminal control characters sent
-within a garbage request to be printed to the stderr server log.
-
-This is done by changing the :mod:`http.server` :class:`BaseHTTPRequestHandler`
-``.log_message`` method to replace control characters with a ``\xHH`` hex escape
-before printing.
diff --git a/README.rst b/README.rst
index f244a926fa7..3aed3a5c47d 100644
--- a/README.rst
+++ b/README.rst
@@ -1,4 +1,4 @@
-This is Python version 3.8.15
+This is Python version 3.8.16
 =============================
 
 .. image:: https://travis-ci.org/python/cpython.svg?branch=3.8