Yes I know it got fixed in 3.8.1.
However, it is listed with more recent versions as not fixed at https://github.com/pypa/advisory-database/blob/main/vulns/markdown/PYSEC-2026-89.yaml. (Note that the versions are sorted in alphabetical, not numerical, order, so 3.10.x is line 44, not at the bottom.) Automated vulnerability scanners are picking this up and raising red flags. I suspect this was triggered by CVE-2025-69534 that was just assigned as of March of this year.
Yes I know it got fixed in 3.8.1.
However, it is listed with more recent versions as not fixed at https://github.com/pypa/advisory-database/blob/main/vulns/markdown/PYSEC-2026-89.yaml. (Note that the versions are sorted in alphabetical, not numerical, order, so 3.10.x is line 44, not at the bottom.) Automated vulnerability scanners are picking this up and raising red flags. I suspect this was triggered by CVE-2025-69534 that was just assigned as of March of this year.