← Back to all briefings
Developer 7 min read Published Updated Credibility 71/100

Python 3.10 Release

Python 3.10.0 landed on 4 October 2021 with structural pattern matching (PEPs 634–636), precise tracebacks, new typing features, and a requirement for OpenSSL 1.1.1+, setting the stage for modernization of dependency stacks and security posture through October 2026.

Kodi C.

Editor & Research Lead

Accuracy-reviewed by the editorial team

Developer pillar illustration for Zeph Tech briefings
Developer enablement and platform engineering briefings

Python 3.10.0 was released on as the next feature line after Python 3.9. The release introduces structural pattern matching (PEPs 634–636), finer-grained error messages, improved typing primitives, and enforcement of OpenSSL 1.1.1+ for ssl modules. Support runs through October 2026 with security fixes only after October 2024. Engineering teams should use 3.10 to modernize control flow, clean up typing, and validate dependencies for the OpenSSL requirement while retaining 3.9 or 3.11 in production until compatibility is established.

Release changes and feature coverage

  • Structural pattern matching: PEPs 634, 635, and 636 add match/case syntax for expressive destructuring of sequences, mappings, classes, and enums. Guard clauses and pattern bindings enable concise parsing logic and replace many chains of if/elif.
  • Improved developer experience: More precise syntax errors point to the exact token or expression (PEP 657), and tracebacks display the expression that triggered an exception. Parenthesized context managers (PEP 634) simplify multi-resource management.
  • Typing ecosystem: typing. ParamSpec and typing. TypeGuard mature callable typing, while types. UnionType (X | Y) becomes standard syntax. The typing module removes several deprecated aliases, pushing projects toward modern annotations.
  • Standard library updates: zip() gains a strict parameter, str.removeprefix/removesuffix continue to improve string handling, and the zoneinfo module extends time zone data. IDLE, asyncio, and logging receive numerous quality-of-life improvements.
  • Build and platform baseline: The release requires OpenSSL 1.1.1 or newer (PEP 644), deprecates Windows 7, and improves macOS universal builds for Apple Silicon. The bundled pip and setuptools versions advance to support manylinux_2_24 wheels and auditing.

Official release notes stress that the stable ABI is preserved, but several deprecations point to future removals in Python 3.12+ (for example, distutils is deprecated). Package maintainers should consult What is New in Python 3.10 to identify APIs slated for removal and plan updates as needed.

Compatibility considerations

Successful adoption of Python 3.10 requires both syntax updates and dependency validation:

  • Update toolchains: Pin CI to Python 3.10.0+ and ensure virtualenv, tox, and pre-commit hooks install the correct interpreter. Configure python_requires>='3.10' in setup metadata once compatibility is validated.
  • Refactor code to support pattern matching: Replace verbose if/elif dispatchers with match/case statements where appropriate. Add tests for exhaustiveness and guard handling, especially for protocol parsers and DSL interpreters.
  • Resolve typing changes: Adopt X | Y union syntax and ParamSpec for decorator signatures. Remove deprecated aliases like collections.abc. MutableMapping imports from collections. Update type checkers (mypy, pyright) to 2021+ releases that understand 3.10 features.
  • Validate cryptography dependencies: Because Python 3.10 links to OpenSSL 1.1.1+, rebuild cryptography, pyOpenSSL, and requests-adjacent packages in environments that meet this minimum. On older Linux distributions, supply vendor backports or container images with OpenSSL 1.1.1 or 3.0.
  • Packaging and wheels: Ensure C-extension wheels are compiled for cp310 and tagged appropriately. Audit build pipelines using auditwheel or delocate to verify manylinux and macOS arm64 compliance.
  • Deprecation cleanup: distutils is deprecated and slated for removal. Begin migrating to setuptools or build backends (PEP 517/518). Replace legacy asyncio.get_event_loop() patterns with asyncio.run() or context-managed loops to satisfy newer warnings.

Create a staged rollout: run unit and integration suites under 3.10 in CI, then deploy to canary environments. Capture metrics for startup time, memory, and key service-level indicators to compare against 3.9 baselines. Pay attention to changes in exception grouping output, which can alter log parsing in centralized logging systems.

Operational factors

Python 3.10 inherits the PSRT security cadence, with micro releases delivering CVE fixes (for example, CVE-2021-3737 for urllib request smuggling and CVE-2022-0391 for DoS in pydoc were addressed in later 3.10.x patches). Running 3.10.0 without updates leaves these issues exposed.

  • Patch regularly: Plan to track 3.10.x micro releases; today the most secure choice is 3.10.15+. Incorporate patch upgrades into monthly or quarterly maintenance windows and rebuild wheels to capture patched stdlib components.
  • OpenSSL baseline: With the 1.1.1 requirement, TLS 1.0/1.1 may be disabled by default depending on distro settings. Validate outbound mTLS and OCSP stapling with integration tests, and configure SSLContext as needed. Monitor OpenSSL advisories (for example, CVE-2021-4160) that may require distro-level updates even if Python itself is current.
  • Supply chain hygiene: Use pip install --upgrade --require-hashes or lockfiles (pip-tools, Poetry, PDM) to pin transitive dependencies. Generate SBOMs (CycloneDX or SPDX) and attach them to build artifacts. Enable pip audit or equivalent services to flag CVEs across PyPI packages.
  • Runtime hardening: For containerized deployments, set PYTHONHASHSEED=random (default) to reduce hash-collision attacks, keep -O improvements off unless tested, and enforce PYTHONSAFEPATH or sanitized PYTHONPATH in server environments.

Operational teams should update observability: OpenTelemetry Python SDK and popular APM agents released 3.10-compatible builds in late 2021; ensure your version supports the new frame evaluation changes to avoid incomplete spans or traces. Monitor resource usage because pattern matching and improved error reporting can change bytecode size and code object caching patterns.

Implementation checklist: (1) Align CI and packaging with Python 3.10 interpreters, (2) refactor code and typing to use pattern matching and modern annotations, (3) rebuild native and crypto dependencies with OpenSSL 1.1.1+, (4) integrate vulnerability scanning and SBOM generation, and (5) schedule recurring micro-version updates through the 3.10 support window ending October 2026.

Documentation teams should refresh tutorials and linting configurations to showcase pattern matching, new error message formats, and the optional parenthesized context managers. Provide before-and-after examples so developers can map legacy idioms to 3.10 good practices without guesswork.

Platform owners should also note the continued push toward per-ABI platform tags. If you distribute internal wheels, automate builds for manylinux_2_24, musllinux, macOS Intel, and macOS arm64 to avoid slow source builds on Apple Silicon laptops and Alpine containers.

Finally, prepare a retirement plan for Python 3.8 and 3.9 in your environment. With security support for 3.8 ending in October 2024 and 3.9 ending in October 2025, Python 3.10 serves as a bridge release before 3.11 performance improvements arrive. Align your governance artifacts and asset inventory so auditors can see supported interpreter versions across services.

Record migration decisions in your change-management system, noting test coverage status for pattern matching, SSL baselines, and wheel availability, so future auditors can trace when Python 3.10 reached full production readiness.

Release changes tied to upstream PEPs

Python 3.10.0, per the official notes, introduces structural pattern matching (PEP 634/635/636), providing a powerful syntax for deconstructing objects. Type hinting advances with union types using | (PEP 604) and precise typing for containers (PEP 646). Error messages are significantly improved with caret-based diagnostics. Core library additions include new statistics functions, timezone support refinements, and better asyncio debugging.

Build and packaging changes matter for platform owners: many C-API symbols were moved behind the Py_LIMITED_API boundary, some private headers were removed, and the Windows installer now bundles the tzdata package. The interpreter now requires OpenSSL 1.1.1 or newer, aligning with long-term support cryptography stacks.

Compatibility considerations

Adopt the porting guide to refactor code that depends on deprecated distutils and legacy typing aliases. Update pattern-matching setups to include exhaustiveness checks and safeguard against overly broad case _ statements. Rebuild native extensions to account for moved headers and the stricter limited API boundaries; verify wheels are published for manylinux_2_24 and macOS universal2 targets.

Testing should cover JSON parsers and third-party libraries that relied on legacy inspect behaviors, as several functions changed return shapes. If you maintain runtime feature flags (for example, PYTHONNODEBUG), retest under the new error-reporting pipeline to ensure log scrapers and APM tools handle the richer tracebacks.

Operational factors

Security releases following 3.10.0 remediated issues such as CVE-2022-0391 (DoS in urllib.parse), CVE-2022-26488 (ftplib) and CVE-2022-45061 (hash collisions). Pin to the latest 3.10.x and monitor python.org security-announce. Because OpenSSL 1.1.1 is required, validate container base images include current OpenSSL patch levels to avoid linking against EOL crypto.

Operational teams should benchmark structural pattern matching in hot code paths, as complex match statements may introduce branching costs. Revisit sandboxing or supply-chain controls for packaging: pip 21.x and newer can enforce --require-hashes to mitigate tampering, and pip audit surfaces known CVEs in dependencies—use them as part of CI gates when rolling out 3.10.

Similar analysis

Additional analysis covering similar themes.

Continue in the Developer pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

  • Secure Software Supply Chain Tooling Guide

    Engineer developer platforms that deliver verifiable provenance, SBOM distribution, vendor assurance, and runtime integrity aligned with SLSA v1.0, NIST SP 800-204D, and CISA SBOM…

  • AI-Assisted Development Governance Guide

    Govern GitHub Copilot, Azure AI, and internal generative assistants with controls aligned to NIST AI RMF 1.0, EU AI Act enforcement timelines, OMB M-24-10, and enterprise privacy…

  • Developer Enablement & Platform Operations Guide

    Plan AI-assisted development, secure SDLC controls, and runtime upgrades using our research on GitHub Copilot, GitHub Advanced Security, and major language lifecycles.

Coverage intelligence

Published
Coverage pillar
Developer
Source credibility
71/100 — medium confidence
Topics
Software Development · Runtime Briefing · Briefing · Python · Developer
Sources cited
2 sources (iso.org, github.com)
Reading time
7 min

Further reading

  1. Industry Standards and Best Practices — International Organization for Standardization
  2. GitHub Security Advisory Database
  • Software Development
  • Runtime Briefing
  • Briefing
  • Python
  • Developer
Back to curated briefings

Comments

Community

We publish only high-quality, respectful contributions. Every submission is reviewed for clarity, sourcing, and safety before it appears here.

    Share your perspective

    Submissions showing "Awaiting moderation" are in review. Spam, low-effort posts, or unverifiable claims will be rejected. We verify submissions with the email you provide, and we never publish or sell that address.

    Verification

    Complete the CAPTCHA to submit.