CVE-2023-40217
"There’s security content in the releases, let’s dive right in."
"gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data."
Python Insider: Python 3.11.5, 3.10.13, 3.9.18, and 3.8.18 is now available https://pythoninsider.blogspot.com/2023/08/python-3115-31013-3918-and-3818-is-now.html