Python 3.9.3

What's new in this version:

Security:
- CVE-2021-3426: Remove the getfile feature of the pydoc module which could be abused to read arbitrary files on the disk (directory traversal vulnerability). Moreover, even source code of Python modules can contain sensitive data like passwords. Vulnerability reported by David Schwörer.
- ftplib no longer trusts the IP address value returned from the server in response to the PASV command by default. This prevents a malicious FTP server from using the response to probe IPv4 address and port combinations on the client network.
- Code that requires the former vulnerable behavior may set a trust_server_pasv_ipv4_address attribute on their ftplib.FTP instances to True to re-enable it.
- Add audit hooks for gc.get_objects(), gc.get_referrers() and gc.get_referents(). Patch by Pablo Galindo.

Core and Builtins:
- Fix crash that happens when replacing sys.stderr with a callable that can remove the object while an exception is being printed. Patch by Pablo Galindo.
- Report the column offset for SyntaxError for invalid line continuation characters. Patch by Pablo Galindo.
- Fix misdetection of circular imports when using from pkg.mod import attr, which caused false positives in non-trivial multi-threaded code.
- Python no longer fails at startup with a fatal error if a command line argument contains an invalid Unicode character. The Py_DecodeLocale() function now escapes byte sequences which would be decoded as Unicode characters outside the [U+0000; U+10ffff] range.
- Fix a possible race condition where PyErr_CheckSignals tries to execute a non-Python signal handler.
- Improve handling of exceptions near recursion limit. Converts a number of Fatal Errors in RecursionErrors.

Library:
- xmlrpc.client.ServerProxy no longer ignores query and fragment in the URL of the server.
- Raising an exception raised in a “future” instance will create reference cycles.
- Fix deadlock when using ssl.SSLContext debug callback with ssl.SSLContext.sni_callback().
- ast.unparse can now render NaNs and empty sets.
- subprocess.communicate() no longer raises an IndexError when there is an empty stdout or stderr IO buffer during a timeout on Windows.
- Fixed long-standing bug of smtplib.SMTP where doing AUTH LOGIN with initial_response_ok=False will fail.
- The cause is that SMTP.auth_login _always_ returns a password if provided with a challenge string, thus non-compliant with the standard for AUTH LOGIN.
- Also fixes bug with the test for smtpd.
- Improves the networking efficiency of http.client when using a proxy via set_tunnel(). Fewer small send calls are made during connection setup.
- Fix ElementTree.extend not working on iterators when using the Python implementation
- The python -m gzip command line application now properly fails when detecting an unsupported extension. It exits with a non-zero exit code and prints an error message to stderr.
- Fix TextIOWrapper can not flush internal buffer forever after very large text is written.
- Fail fast in shutil.move() to avoid creating destination directories on failure.
- Fixed memory leak in socketserver.ThreadingMixIn introduced in Python 3.7.

Documentation:
- Answer “Why is there no goto?” in the Design and History FAQ.
- Clarified that a result from time.monotonic(), time.perf_counter(), time.process_time(), or time.thread_time() can be compared with the result from any following call to the same function - not just the next immediate call.
- Clarify that ‘yield from <expr>’ works with any iterable, not just iterators.
- Update some deprecated unicode APIs which are documented as “will be removed in 4.0” to “3.12”. See PEP 623 for detail.

Tests:
- Fix test_getsetlocale_issue1813() of test_locale: skip the test if setlocale() fails. Patch by Victor Stinner.
- Add workaround for Ubuntu’s custom OpenSSL security level policy.
- Fix test_importlib to correctly skip Unicode file tests if the fileystem does not support them.

Build:
- Update macOS, Windows, and CI to OpenSSL 1.1.1k.
- Improve configure.ac: Check for presence of autoconf-archive package and remove our copies of M4 macros.

macOS:
- Update macOS installer build to use OpenSSL 1.1.1j.

IDLE:
- Document that IDLE can fail on Unix either from misconfigured IP masquerage rules or failure displaying complex colored (non-ascii) characters.
- Document why printing to IDLE’s Shell is often slower than printing to a system terminal and that it can be made faster by pre-formatting a single string before printing.