OVAL

SUSE-SU-2023:2957-1 -- SLES python39, libpython3_9-1_0

ID: oval:org.secpod.oval:def:89049139
Date: (C)2023-08-30   (M)2024-05-22
Class: PATCH
Family: unix




This update for python39 fixes the following issues:

Update to 3.9.17:

* urllib.parse.urlsplit now strips leading C0 control and space characters, following the specification for URLs defined by WHATWG, in response to CVE-2023-24329.
* Fixed a security flaw in uu.decode that could allow for directory traversal based on the input if no out_file was specified.
* Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler.
* trace.__main__ now uses io.open_code for files to be executed instead of raw open.
* CVE-2007-4559: The extraction methods in tarfile, and shutil.unpack_archive, have a new filter argument that allows limiting tar features that may be surprising or dangerous, such as creating files outside the destination directory. See Extraction filters for details.
* Fixed a deadlock at shutdown when clearing thread states if any finalizer tries to acquire the runtime head lock.
* Fixed a crash due to a race while iterating over thread states in clearing threading.local.

Platform:
SUSE Linux Enterprise Server 15 SP3
Product:
python39
libpython3_9-1_0
Reference:
SUSE-SU-2023:2957-1
CVE-2007-4559
CVE-2023-24329
CVE (2):
CVE-2007-4559
CVE-2023-24329
CPE (3):
cpe:/a:python:python39
cpe:/o:suse:suse_linux_enterprise_server:15:sp3
cpe:/a:libpython3_9-1_0:libpython3_9-1_0

© SecPod Technologies